keda :: RBAC ATLAS

Description

Event-based autoscaler for workloads on Kubernetes

https://github.com/kedacore/keda

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`keda-operator`	default	✅	—	25	2	Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `keda-operator`

Namespace: default | Automount: ✅

🔑 Permissions (25)

Role	Resource	Verbs	Risk	Tags
ClusterRole `keda-operator`	*	get	Critical	AuthorizationBypass ClusterAdminAccess ClusterWideAccess ClusterWideLogAccess CodeExecution (+7 more)
ClusterRole `keda-operator`	//scale	*	Critical	ClusterAdminAccess ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	core/configmaps	*	Critical	ClusterWideAccess ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation (+2 more)
ClusterRole `keda-operator`	batch/jobs	*	Critical	ClusterWideAccess PotentialPrivilegeEscalation PrivilegeEscalation Tampering WildcardPermission (+1 more)
ClusterRole `keda-operator`	coordination.k8s.io/leases	*	Critical	ClusterWideAccess ControlPlaneDisruption CriticalNamespace DenialOfService LeaderElectionAbuse (+2 more)
ClusterRole `keda-operator`	core/secrets	get · list · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
ClusterRole `keda-operator`	keda.sh/clustertriggerauthentications	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	keda.sh/clustertriggerauthentications/status	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	core/configmaps/status	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	autoscaling/horizontalpodautoscalers	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	keda.sh/scaledjobs	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	keda.sh/scaledjobs/finalizers	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	keda.sh/scaledjobs/status	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	keda.sh/scaledobjects	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	keda.sh/scaledobjects/finalizers	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	keda.sh/scaledobjects/status	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	keda.sh/triggerauthentications	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	keda.sh/triggerauthentications/status	*	High	ClusterWideAccess WildcardPermission
ClusterRole `keda-operator`	core/events	*	Medium	ClusterWideAccess InformationDisclosure OperationalData Reconnaissance WildcardPermission
ClusterRole `keda-operator`	apps/deployments	list · watch	Low
ClusterRole `keda-operator`	core/external	get · list · watch	Low
ClusterRole `keda-operator`	core/pods	get · list · watch	Low
ClusterRole `keda-operator`	core/serviceaccounts	list · watch	Low
ClusterRole `keda-operator`	core/services	get · list · watch	Low
ClusterRole `keda-operator`	apps/statefulsets	list · watch	Low

⚠️ Potential Abuse (17)

The following security risks were found based on the above permissions:

📦 Workloads (2)

Kind	Name	Container	Image
Deployment	keda-operator	keda-operator	ghcr.io/kedacore/keda:2.8.2
Deployment	keda-operator-metrics-apiserver	keda-operator-metrics-apiserver	ghcr.io/kedacore/keda-metrics-apiserver:2.8.2

keda

Description

Overview

Identities

🤖 keda-operator

🔑 Permissions (25)

⚠️ Potential Abuse (17)

📦 Workloads (2)

🤖 `keda-operator`