hivemq-operator

Description

HiveMQ Operator (legacy)

Overview

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 hivemq-operator-operator

Namespace: default  |  Automount: ❌

🔑 Permissions (25)

⚠️ Potential Abuse (26)

The following security risks were found based on the above permissions:

• Cluster-wide pod exec
• Namespaced pod exec
• Cluster-wide pod attach
• Namespaced pod attach
• Cluster-wide pod port-forward
• Namespaced pod port-forward
• Create pods cluster-wide
• Create pods in a namespace
• Update/Patch pods cluster-wide
• Update/Patch pods in a namespace
• Read ConfigMaps cluster-wide
• Read ConfigMaps in a namespace
• Modify ConfigMaps cluster-wide
• Modify ConfigMaps in a namespace
• Manage Deployments cluster-wide (potential for privileged pod execution)
• Manage Deployments in a namespace (potential for privileged pod execution)
• Manage DaemonSets cluster-wide (runs on all nodes, high impact)
• Manage DaemonSets in a namespace (runs on nodes, high impact)
• Manage StatefulSets cluster-wide
• Manage StatefulSets in a namespace
• Manage ValidatingWebhookConfigurations
• Manage CustomResourceDefinitions
• Manage Services cluster-wide
• Manage Services in a namespace
• List ValidatingWebhookConfigurations (Reconnaissance)

📦 Workloads (1)

🤖 hivemq-operator-kube-prome-operator

Namespace: default  |  Automount: ❌

🔑 Permissions (21)

⚠️ Potential Abuse (13)

The following security risks were found based on the above permissions:

• Read secrets cluster-wide
• Read secrets in a namespace
• Modify secrets cluster-wide
• Modify secrets in a namespace
• Read ConfigMaps cluster-wide
• Read ConfigMaps in a namespace
• Modify ConfigMaps cluster-wide
• Modify ConfigMaps in a namespace
• Manage StatefulSets cluster-wide
• Manage StatefulSets in a namespace
• List Namespaces (Cluster Reconnaissance)

📦 Workloads (1)

🤖 hivemq-operator-grafana

Namespace: default  |  Automount: ❌

🔑 Permissions (2)

⚠️ Potential Abuse (5)

The following security risks were found based on the above permissions:

• Read secrets cluster-wide
• Read secrets in a namespace
• Read ConfigMaps cluster-wide
• Read ConfigMaps in a namespace

📦 Workloads (3)

🤖 hivemq-operator-kube-state-metrics

Namespace: default  |  Automount: ❌

🔑 Permissions (31)

⚠️ Potential Abuse (4)

The following security risks were found based on the above permissions:

• List Namespaces (Cluster Reconnaissance)
• List ValidatingWebhookConfigurations (Reconnaissance)
• List MutatingWebhookConfigurations (Reconnaissance)

📦 Workloads (1)

🤖 hivemq-operator-kube-prome-prometheus

Namespace: default  |  Automount: ❌

🔑 Permissions (6)

⚠️ Potential Abuse (1)

The following security risks were found based on the above permissions:

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 hivemq-operator-admission

Namespace: default  |  Automount: ❌

🔑 Permissions (3)

⚠️ Potential Abuse (1)

The following security risks were found based on the above permissions:

📦 Workloads (2)

🤖 hivemq-operator-kube-prome-admission

Namespace: default  |  Automount: ❌

🔑 Permissions (3)

⚠️ Potential Abuse (1)

The following security risks were found based on the above permissions:

📦 Workloads (2)

🤖 hivemq-operator-grafana-test

Namespace: default  |  Automount: ❌

🔑 Permissions (0)

No explicit RBAC bindings.

📦 Workloads (1)

🤖 hivemq-operator-hivemq

Namespace: default  |  Automount: ❌

🔑 Permissions (0)

No explicit RBAC bindings.

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 hivemq-operator-kube-prome-alertmanager

Namespace: default  |  Automount: ❌

🔑 Permissions (0)

No explicit RBAC bindings.

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 hivemq-operator-prometheus-node-exporter

Namespace: default  |  Automount: ❌

🔑 Permissions (0)

No explicit RBAC bindings.

📦 Workloads (1)