kong :: RBAC ATLAS

Description

The Cloud-Native Ingress and API-management

https://github.com/Kong/charts/tree/main/charts/kong

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`kong-kong`	default	❌	—	46	2	Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `kong-kong`

Namespace: default | Automount: ❌

🔑 Permissions (46)

Role	Resource	Verbs	Risk	Tags
Role `kong-kong`	coordination.k8s.io/leases	create · delete · get · list · patch · update · watch	Critical	ControlPlaneDisruption CriticalNamespace DenialOfService Tampering
ClusterRole `kong-kong`	core/configmaps	get · list · watch	High	ConfigMapAccess DataExposure InformationDisclosure
Role `kong-kong`	core/configmaps	create · delete · get · list · patch · update · watch	High	ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
Role `kong-kong`	coordination.k8s.io/configmaps	create · delete · get · list · patch · update · watch	Low
ClusterRole `kong-kong`	apiextensions.k8s.io/customresourcedefinitions	list · watch	Low
ClusterRole `kong-kong`	discovery.k8s.io/endpointslices	get · list · watch	Low
ClusterRole `kong-kong`	core/events	create · patch	Low
Role `kong-kong`	core/events	create · patch	Low
ClusterRole `kong-kong`	networking.k8s.io/ingressclasses	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/ingressclassparameterses	get · list · watch	Low
ClusterRole `kong-kong`	extensions/ingresses	get · list · watch	Low
ClusterRole `kong-kong`	networking.k8s.io/ingresses	get · list · watch	Low
ClusterRole `kong-kong`	extensions/ingresses/status	get · patch · update	Low
ClusterRole `kong-kong`	networking.k8s.io/ingresses/status	get · patch · update	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongclusterplugins	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongclusterplugins/status	get · patch · update	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongconsumergroups	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongconsumergroups/status	get · patch · update	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongconsumers	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongconsumers/status	get · patch · update	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongcustomentities	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongcustomentities/status	get · patch · update	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongingresses	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongingresses/status	get · patch · update	Low
ClusterRole `kong-kong`	configuration.konghq.com/konglicenses	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/konglicenses/status	get · patch · update	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongplugins	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongplugins/status	get · patch · update	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongupstreampolicies	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongupstreampolicies/status	get · patch · update	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongvaults	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/kongvaults/status	get · patch · update	Low
Role `kong-kong`	core/leases	create · delete · get · list · patch · update · watch	Low
Role `kong-kong`	core/namespaces	get	Low
ClusterRole `kong-kong`	core/nodes	list · watch	Low
ClusterRole `kong-kong`	core/pods	get · list · watch	Low
Role `kong-kong`	core/pods	get	Low
ClusterRole `kong-kong`	core/secrets	list · watch	Low
Role `kong-kong`	core/secrets	get	Low
ClusterRole `kong-kong`	core/services	get · list · watch	Low
Role `kong-kong`	core/services	get	Low
ClusterRole `kong-kong`	core/services/status	get · patch · update	Low
ClusterRole `kong-kong`	configuration.konghq.com/tcpingresses	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/tcpingresses/status	get · patch · update	Low
ClusterRole `kong-kong`	configuration.konghq.com/udpingresses	get · list · watch	Low
ClusterRole `kong-kong`	configuration.konghq.com/udpingresses/status	get · patch · update	Low

⚠️ Potential Abuse (5)

The following security risks were found based on the above permissions:

📦 Workloads (2)

Kind	Name	Container	Image
Deployment	kong-kong	ingress-controller	kong/kubernetes-ingress-controller:3.4
Deployment	kong-kong	proxy	kong:3.9

kong

Description

Overview

Identities

🤖 kong-kong

🔑 Permissions (46)

⚠️ Potential Abuse (5)

📦 Workloads (2)

🤖 `kong-kong`