jenkins :: RBAC ATLAS

Description

Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based projects as well as arbitrary scripts.

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`jenkins`	default	❌	—	5	1	High

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `jenkins`

Namespace: default | Automount: ❌

🔑 Permissions (5)

Role	Resource	Verbs	Risk	Tags
Role `jenkins-schedule-agents`	core/pods	create · delete · deletecollection · get · list · patch · update · watch	High	LateralMovement Persistence PotentialPrivilegeEscalation Tampering WorkloadExecution
Role `jenkins-schedule-agents`	core/pods/exec	create · delete · deletecollection · get · list · patch · update · watch	High	CodeExecution LateralMovement PodExec PotentialPrivilegeEscalation
Role `jenkins-schedule-agents`	core/pods/log	get · list · watch	Medium	DataExposure InformationDisclosure LogAccess
Role `jenkins-schedule-agents`	core/events	get · list · watch	Low
Role `jenkins-schedule-agents`	core/persistentvolumeclaims	create · delete · deletecollection · get · list · patch · update · watch	Low

⚠️ Potential Abuse (5)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	jenkins	jenkins	jenkins/jenkins:lts

jenkins