Description

The Kubedoop operator for Apache Zookeeper

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
zookeeper-operatordefault161Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.


Identities

🤖 zookeeper-operator

Namespace: default  |  Automount:

🔑 Permissions (16)

RoleResourceVerbsRiskTags
ClusterRole zookeeper-operatorrbac.authorization.k8s.io/clusterrolescreate · delete · get · list · patch · update · watchCriticalClusterAdminAccess InformationDisclosure PrivilegeEscalation RBACManipulation RBACQuery (+1 more)
ClusterRole zookeeper-operatorcore/configmapscreate · delete · get · list · patch · update · watchCriticalConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole zookeeper-operatorcore/secretscreate · delete · get · list · patch · update · watchCriticalClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure Persistence (+4 more)
ClusterRole zookeeper-operatorcore/servicescreate · delete · get · list · patch · update · watchCriticalDenialOfService NetworkManipulation ServiceExposure Tampering
ClusterRole zookeeper-operatorapps/statefulsetscreate · delete · get · list · patch · update · watchCriticalPersistence PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
ClusterRole zookeeper-operatorrbac.authorization.k8s.io/rolebindingscreate · delete · get · list · patch · update · watchHighBindingToPrivilegedRole InformationDisclosure PrivilegeEscalation RBACManipulation RBACQuery (+1 more)
ClusterRole zookeeper-operatorcore/serviceaccountscreate · delete · get · list · patch · update · watchHighIdentityManagement PotentialPrivilegeEscalation Tampering
ClusterRole zookeeper-operatorevents.k8s.io/eventscreate · delete · get · list · patch · update · watchMediumInformationDisclosure OperationalData Reconnaissance
ClusterRole zookeeper-operatorcore/endpointsget · list · watchLow
ClusterRole zookeeper-operatorcore/podsget · list · watchLow
ClusterRole zookeeper-operatorzookeeper.kubedoop.dev/zookeeperclusterscreate · delete · get · list · patch · update · watchLow
ClusterRole zookeeper-operatorzookeeper.kubedoop.dev/zookeeperclusters/finalizersupdateLow
ClusterRole zookeeper-operatorzookeeper.kubedoop.dev/zookeeperclusters/statusget · patch · updateLow
ClusterRole zookeeper-operatorzookeeper.kubedoop.dev/zookeeperznodescreate · delete · get · list · patch · update · watchLow
ClusterRole zookeeper-operatorzookeeper.kubedoop.dev/zookeeperznodes/finalizersupdateLow
ClusterRole zookeeper-operatorzookeeper.kubedoop.dev/zookeeperznodes/statusget · patch · updateLow

⚠️ Potential Abuse (19)

The following security risks were found based on the above permissions:

📦 Workloads (1)

KindNameContainerImage
Deploymentzookeeper-operatorzookeeper-operatorquay.io/zncdatadev/zookeeper-operator:0.2.0