Description

Helm Chart for Capsule Proxy, addon for Capsule, the multi-tenant Operator

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
(orphaned-bindings)30Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.


Identities

⚠️ (orphaned-bindings)

Warning: The following RBAC bindings exist but are not associated with any active service accounts in the cluster.

🔑 Permissions (3)

RoleResourceVerbsRiskTags
Role capsule-proxy:capsule-proxycoordination.k8s.io/leasescreate · delete · get · list · patch · update · watchCriticalControlPlaneDisruption CriticalNamespace DenialOfService Tampering
Role capsule-proxy:capsule-proxycore/configmapscreate · delete · get · list · patch · update · watchHighConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
Role capsule-proxy:capsule-proxycore/endpointscreate · delete · get · list · patch · update · watchHighDenialOfService NetworkManipulation Tampering TrafficRedirection

⚠️ Potential Abuse (5)

The following security risks were found based on the above permissions: