jenkins :: RBAC ATLAS

Description

Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based projects as well as arbitrary scripts.

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`jenkins`	default	❌	—	4	1	High

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `jenkins`

Namespace: default | Automount: ❌

🔑 Permissions (4)

Role	Resource	Verbs	Risk	Tags
Role `jenkins-schedule-agents`	core/pods	*	High	LateralMovement NamespaceAdmin NamespaceWideAccess Persistence PotentialPrivilegeEscalation (+3 more)
Role `jenkins-schedule-agents`	core/pods/exec	*	High	CodeExecution LateralMovement NamespaceAdmin NamespaceWideAccess PodExec (+2 more)
Role `jenkins-schedule-agents`	core/persistentvolumeclaims	*	Medium	NamespaceAdmin NamespaceWideAccess WildcardPermission
Role `jenkins-schedule-agents`	core/pods/log	*	Medium	DataExposure InformationDisclosure LogAccess NamespaceAdmin NamespaceWideAccess (+1 more)

⚠️ Potential Abuse (5)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	jenkins	jenkins	jenkins/jenkins:lts

jenkins