Description

Meshery Operator chart.

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
meshery-operatordefault82Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.


Identities

🤖 meshery-operator

Namespace: default  |  Automount:

🔑 Permissions (8)

RoleResourceVerbsRiskTags
ClusterRole meshery-controller-role*create · delete · get · list · patch · update · watchCriticalAPIServerDoS APIServiceManipulation AvailabilityImpact BackupAccess BindingToPrivilegedRole (+63 more)
Role meshery-leader-election-rolecore/configmapscreate · delete · get · list · patch · update · watchHighConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole meshery-proxy-roleauthorization.k8s.io/subjectaccessreviewscreateMediumInformationDisclosure RBACQuery
ClusterRole meshery-proxy-roleauthentication.k8s.io/tokenreviewscreateMediumCredentialAccess InformationDisclosure RBACQuery
ClusterRole meshery-operator-rolemeshery.io/brokerscreate · delete · get · list · patch · update · watchLow
ClusterRole meshery-operator-rolemeshery.io/brokers/statusget · patch · updateLow
Role meshery-leader-election-rolecore/configmaps/statusget · patch · updateLow
Role meshery-leader-election-rolecore/eventscreate · patchLow

⚠️ Potential Abuse (97)

The following security risks were found based on the above permissions:

📦 Workloads (2)

KindNameContainerImage
Deploymentmeshery-operatorkube-rbac-proxygcr.io/kubebuilder/kube-rbac-proxy:v0.16.0
Deploymentmeshery-operatormanagermeshery/meshery-operator:stable-latest