Description

an operator that makes olm easy to use outside of openshift

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
easy-olm-operatordefault151Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.


Identities

🤖 easy-olm-operator

Namespace: default  |  Automount:

🔑 Permissions (15)

RoleResourceVerbsRiskTags
ClusterRole easy-olm-operatorcore/configmapscreate · delete · get · list · patch · update · watchCriticalConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole easy-olm-operatorapiextensions.k8s.io/customresourcedefinitionscreate · delete · get · list · patch · update · watchCriticalCRDManipulation PotentialPrivilegeEscalation Tampering
ClusterRole easy-olm-operatorcoordination.k8s.io/leasescreate · delete · get · list · patch · update · watchCriticalControlPlaneDisruption CriticalNamespace DenialOfService LeaderElectionAbuse Tampering
ClusterRole easy-olm-operatoreasyolm.rock8s.com/crdrefscreate · delete · get · list · patch · update · watchLow
ClusterRole easy-olm-operatoreasyolm.rock8s.com/crdrefs/finalizersupdateLow
ClusterRole easy-olm-operatoreasyolm.rock8s.com/crdrefs/statusget · patch · updateLow
ClusterRole easy-olm-operatoroperators.coreos.com/installplansget · list · patch · update · watchLow
ClusterRole easy-olm-operatoroperators.coreos.com/installplans/statusgetLow
ClusterRole easy-olm-operatoreasyolm.rock8s.com/manualsubscriptionscreate · delete · get · list · patch · update · watchLow
ClusterRole easy-olm-operatoreasyolm.rock8s.com/manualsubscriptions/finalizersupdateLow
ClusterRole easy-olm-operatoreasyolm.rock8s.com/manualsubscriptions/statusget · patch · updateLow
ClusterRole easy-olm-operatorcore/namespacesget · list · watchLowClusterStructure InformationDisclosure Reconnaissance
ClusterRole easy-olm-operatorcore/namespaces/statusgetLow
ClusterRole easy-olm-operatoroperators.coreos.com/operatorgroupscreate · get · list · watchLow
ClusterRole easy-olm-operatoroperators.coreos.com/subscriptionscreate · delete · get · list · patch · update · watchLow

⚠️ Potential Abuse (9)

The following security risks were found based on the above permissions:

📦 Workloads (1)

KindNameContainerImage
Deploymenteasy-olm-operatoreasy-olm-operatorregistry.gitlab.com/bitspur/rock8s/easy-olm-operator:0.0.1