authorino-operator :: RBAC ATLAS

Description

Kubernetes operator for managing Authorino instances, a K8s-native AuthN/AuthZ service to protect your APIs.

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`authorino-operator`	default	❌	—	22	1	Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `authorino-operator`

Namespace: default | Automount: ❌

🔑 Permissions (22)

Role	Resource	Verbs	Risk	Tags
ClusterRole `authorino-operator-manager`	core/configmaps	create · delete · get · list · patch · update · watch	Critical	ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole `authorino-operator-manager`	apps/deployments	create · delete · get · list · patch · update · watch	Critical	Persistence PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
Role `authorino-operator-leader-election`	coordination.k8s.io/leases	create · delete · get · list · patch · update · watch	Critical	ControlPlaneDisruption CriticalNamespace DenialOfService Tampering
ClusterRole `authorino-operator-manager`	core/secrets	get · list · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
Role `authorino-operator-leader-election`	core/configmaps	create · delete · get · list · patch · update · watch	High	ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole `authorino-operator-manager`	rbac.authorization.k8s.io/clusterrolebindings	create · get · list · update · watch	Medium	InformationDisclosure RBACQuery Reconnaissance
ClusterRole `authorino-operator-manager`	rbac.authorization.k8s.io/clusterroles	create · get · list · update · watch	Medium	InformationDisclosure RBACQuery Reconnaissance
ClusterRole `authorino-operator-manager`	rbac.authorization.k8s.io/rolebindings	create · get · list · update · watch	Medium	InformationDisclosure RBACQuery Reconnaissance
ClusterRole `authorino-operator-manager`	rbac.authorization.k8s.io/roles	create · get · list · update · watch	Medium	InformationDisclosure RBACQuery Reconnaissance
ClusterRole `authorino-operator-manager`	authorization.k8s.io/subjectaccessreviews	create	Medium	InformationDisclosure RBACQuery
ClusterRole `authorino-operator-manager`	authentication.k8s.io/tokenreviews	create	Medium	CredentialAccess InformationDisclosure RBACQuery
ClusterRole `authorino-operator-manager`	authorino.kuadrant.io/authconfigs	create · delete · get · list · patch · update · watch	Low
ClusterRole `authorino-operator-manager`	authorino.kuadrant.io/authconfigs/status	get · patch · update	Low
ClusterRole `authorino-operator-manager`	operator.authorino.kuadrant.io/authorinos	create · delete · get · list · patch · update · watch	Low
ClusterRole `authorino-operator-manager`	operator.authorino.kuadrant.io/authorinos/finalizers	update	Low
ClusterRole `authorino-operator-manager`	operator.authorino.kuadrant.io/authorinos/status	get · patch · update	Low
ClusterRole `authorino-operator-manager`	core/configmaps/status	delete · get · patch · update	Low
ClusterRole `authorino-operator-manager`	core/events	create · patch	Low
Role `authorino-operator-leader-election`	core/events	create · patch	Low
ClusterRole `authorino-operator-manager`	coordination.k8s.io/leases	create · get · list · update	Low
ClusterRole `authorino-operator-manager`	core/serviceaccounts	create · get · list · update · watch	Low
ClusterRole `authorino-operator-manager`	core/services	create · get · list · update · watch	Low

⚠️ Potential Abuse (13)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	authorino-operator	manager	quay.io/kuadrant/authorino-operator:v0.18.0

authorino-operator