trino-operator

v0.2.0

1 Service Accounts

1 Workloads

7 Bindings

3 Critical

4 Low

ConfigMapAccess DataExposure DenialOfService InformationDisclosure NetworkManipulation Persistence PotentialPrivilegeEscalation PrivilegeEscalation ServiceExposure Tampering WorkloadLifecycle letter-T

Description

The Kubedoop operator for Trino

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`trino-operator`	default	❌	—	7	1	Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `trino-operator`

Namespace: default | Automount: ❌

🔑 Permissions (7)

Role	Resource	Verbs	Risk	Tags
ClusterRole `trino-operator`	core/configmaps	create · delete · get · list · patch · update · watch	Critical	ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole `trino-operator`	core/services	create · delete · get · list · patch · update · watch	Critical	DenialOfService NetworkManipulation ServiceExposure Tampering
ClusterRole `trino-operator`	apps/statefulsets	create · delete · get · list · patch · update · watch	Critical	Persistence PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
ClusterRole `trino-operator`	trino.kubedoop.dev/trinocatalogs	create · delete · get · list · patch · update · watch	Low
ClusterRole `trino-operator`	trino.kubedoop.dev/trinoclusters	create · delete · get · list · patch · update · watch	Low
ClusterRole `trino-operator`	trino.kubedoop.dev/trinoclusters/finalizers	update	Low
ClusterRole `trino-operator`	trino.kubedoop.dev/trinoclusters/status	get · patch · update	Low

⚠️ Potential Abuse (9)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	trino-operator	trino-operator	quay.io/zncdatadev/trino-operator:0.2.0