zookeeper-operator :: RBAC ATLAS

Description

The Kubedoop operator for Apache Zookeeper

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`zookeeper-operator`	default	✅	—	16	1	Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `zookeeper-operator`

Namespace: default | Automount: ✅

🔑 Permissions (16)

Role	Resource	Verbs	Risk	Tags
ClusterRole `zookeeper-operator`	rbac.authorization.k8s.io/clusterroles	create · delete · get · list · patch · update · watch	Critical	ClusterAdminAccess InformationDisclosure PrivilegeEscalation RBACManipulation RBACQuery (+1 more)
ClusterRole `zookeeper-operator`	core/configmaps	create · delete · get · list · patch · update · watch	Critical	ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole `zookeeper-operator`	core/secrets	create · delete · get · list · patch · update · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure Persistence (+4 more)
ClusterRole `zookeeper-operator`	core/services	create · delete · get · list · patch · update · watch	Critical	DenialOfService NetworkManipulation ServiceExposure Tampering
ClusterRole `zookeeper-operator`	apps/statefulsets	create · delete · get · list · patch · update · watch	Critical	Persistence PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
ClusterRole `zookeeper-operator`	rbac.authorization.k8s.io/rolebindings	create · delete · get · list · patch · update · watch	High	BindingToPrivilegedRole InformationDisclosure PrivilegeEscalation RBACManipulation RBACQuery (+1 more)
ClusterRole `zookeeper-operator`	core/serviceaccounts	create · delete · get · list · patch · update · watch	High	IdentityManagement PotentialPrivilegeEscalation Tampering
ClusterRole `zookeeper-operator`	events.k8s.io/events	create · delete · get · list · patch · update · watch	Medium	InformationDisclosure OperationalData Reconnaissance
ClusterRole `zookeeper-operator`	core/endpoints	get · list · watch	Low
ClusterRole `zookeeper-operator`	core/pods	get · list · watch	Low
ClusterRole `zookeeper-operator`	zookeeper.kubedoop.dev/zookeeperclusters	create · delete · get · list · patch · update · watch	Low
ClusterRole `zookeeper-operator`	zookeeper.kubedoop.dev/zookeeperclusters/finalizers	update	Low
ClusterRole `zookeeper-operator`	zookeeper.kubedoop.dev/zookeeperclusters/status	get · patch · update	Low
ClusterRole `zookeeper-operator`	zookeeper.kubedoop.dev/zookeeperznodes	create · delete · get · list · patch · update · watch	Low
ClusterRole `zookeeper-operator`	zookeeper.kubedoop.dev/zookeeperznodes/finalizers	update	Low
ClusterRole `zookeeper-operator`	zookeeper.kubedoop.dev/zookeeperznodes/status	get · patch · update	Low

⚠️ Potential Abuse (19)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	zookeeper-operator	zookeeper-operator	quay.io/zncdatadev/zookeeper-operator:0.2.0

zookeeper-operator

Description

Overview

Identities

🤖 zookeeper-operator

🔑 Permissions (16)

⚠️ Potential Abuse (19)

📦 Workloads (1)

🤖 `zookeeper-operator`