kubevious

Description

A Helm chart for Kubevious

Overview

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 kubevious-parser

Namespace: default  |  Automount: ❌

🔑 Permissions (1)

⚠️ Potential Abuse (19)

The following security risks were found based on the above permissions:

• Read secrets cluster-wide
• Read secrets in a namespace
• Read pod logs cluster-wide
• Read pod logs in a namespace
• Read ConfigMaps cluster-wide
• Read ConfigMaps in a namespace
• Read events cluster-wide
• Read RBAC configuration cluster-wide
• List Namespaces (Cluster Reconnaissance)
• List ValidatingWebhookConfigurations (Reconnaissance)
• List MutatingWebhookConfigurations (Reconnaissance)
• Read LimitRanges (Namespace Information Disclosure)
• Read ResourceQuotas (Namespace Information Disclosure)
• Read All ResourceQuotas (Cluster-wide Information Disclosure)
• Read ComponentStatuses (Control Plane Reconnaissance)
• Read CSINode Objects (Node & Storage Reconnaissance)
• Read CSIStorageCapacities (Namespace Storage Reconnaissance)
• Watch All Resources in a Namespace (Broad Information Disclosure)

📦 Workloads (1)

🤖 kubevious-backend

Namespace: default  |  Automount: ❌

🔑 Permissions (2)

⚠️ Potential Abuse (1)

The following security risks were found based on the above permissions:

📦 Workloads (1)