commons-operator

v0.2.0

1 Service Accounts

1 Workloads

6 Bindings

2 Critical

1 High

3 Low

ClusterWideSecretAccess ConfigMapAccess CredentialAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation PrivilegeEscalation SecretAccess Tampering WorkloadExecution letter-C

Description

Commons operator of Kubedoop

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`commons-operator`	default	✅	—	6	1	Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `commons-operator`

Namespace: default | Automount: ✅

🔑 Permissions (6)

Role	Resource	Verbs	Risk	Tags
ClusterRole `commons-operator`	core/pods	get · list · patch · update · watch	Critical	PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadExecution
ClusterRole `commons-operator`	core/secrets	get · list · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
ClusterRole `commons-operator`	core/configmaps	get · list · watch	High	ConfigMapAccess DataExposure InformationDisclosure
ClusterRole `commons-operator`	core/nodes	get · list · watch	Low
ClusterRole `commons-operator`	core/pods/eviction	create	Low
ClusterRole `commons-operator`	apps/statefulsets	get · list · patch · watch	Low

⚠️ Potential Abuse (7)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	commons-operator	commons-operator	quay.io/zncdatadev/commons-operator:0.2.0