1 Service Accounts
1 Workloads
16 Bindings
1 Critical
7 High
6 Medium
2 Low
Description
vcluster - Virtual Kubernetes Clusters
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
vc-vcluster | default | ❌ | — | 16 | 2 | Critical |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 vc-vcluster
Namespace: default | Automount: ❌
🔑 Permissions (16)
⚠️ Potential Abuse (15)
The following security risks were found based on the above permissions:
- Namespaced pod exec
- Namespaced pod attach
- Namespaced pod port-forward
- Create pods in a namespace
- Update/Patch pods in a namespace
- Read secrets in a namespace
- Modify secrets in a namespace
- Read pod logs in a namespace
- Read ConfigMaps in a namespace
- Modify ConfigMaps in a namespace
- Manage Endpoints or EndpointSlices in a namespace
- Manage Services in a namespace
- Manage Ingresses (Namespace Service Exposure/Traffic Redirection)
📦 Workloads (2)
| Kind | Name | Container | Image |
|---|---|---|---|
| StatefulSet | vcluster | syncer | loftsh/vcluster:0.1.0 |
| StatefulSet | vcluster | vcluster | rancher/k3s:v1.19.1-k3s1 |