1 Service Accounts
1 Workloads
38 Bindings
7 High
31 Low
Description
Wiz Sensor helm chart
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
wiz-sensor | default | ❌ | — | 38 | 1 | High |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 wiz-sensor
Namespace: default | Automount: ❌
🔑 Permissions (38)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
ClusterRole wiz-sensor | actions.github.com/* | get | High | ClusterWideAccess |
ClusterRole wiz-sensor | argoproj.io/* | get | High | ClusterWideAccess |
ClusterRole wiz-sensor | composer.cloud.google.com/* | get | High | ClusterWideAccess |
ClusterRole wiz-sensor | kafka.strimzi.io/* | get | High | ClusterWideAccess |
ClusterRole wiz-sensor | ray.io/* | get | High | ClusterWideAccess |
ClusterRole wiz-sensor | sparkoperator.k8s.io/* | get | High | ClusterWideAccess |
ClusterRole wiz-sensor | tekton.dev/* | get | High | ClusterWideAccess |
ClusterRole wiz-sensor | apps/cronjobs | get · list · watch | Low | |
ClusterRole wiz-sensor | batch/cronjobs | get · list · watch | Low | |
ClusterRole wiz-sensor | core/cronjobs | get · list · watch | Low | |
ClusterRole wiz-sensor | apps/daemonsets | get · list · watch | Low | |
ClusterRole wiz-sensor | batch/daemonsets | get · list · watch | Low | |
ClusterRole wiz-sensor | core/daemonsets | get · list · watch | Low | |
ClusterRole wiz-sensor | apps/deployments | get · list · watch | Low | |
ClusterRole wiz-sensor | batch/deployments | get · list · watch | Low | |
ClusterRole wiz-sensor | core/deployments | get · list · watch | Low | |
ClusterRole wiz-sensor | apps/jobs | get · list · watch | Low | |
ClusterRole wiz-sensor | batch/jobs | get · list · watch | Low | |
ClusterRole wiz-sensor | core/jobs | get · list · watch | Low | |
ClusterRole wiz-sensor | apps/namespaces | get · list · watch | Low | |
ClusterRole wiz-sensor | batch/namespaces | get · list · watch | Low | |
ClusterRole wiz-sensor | core/namespaces | get · list · watch | Low | ClusterStructure InformationDisclosure Reconnaissance |
ClusterRole wiz-sensor | apps/nodes | get · list · watch | Low | |
ClusterRole wiz-sensor | batch/nodes | get · list · watch | Low | |
ClusterRole wiz-sensor | core/nodes | get · list · watch | Low | |
ClusterRole wiz-sensor | core/pods | get · list · watch | Low | |
ClusterRole wiz-sensor | apps/replicasets | get · list · watch | Low | |
ClusterRole wiz-sensor | batch/replicasets | get · list · watch | Low | |
ClusterRole wiz-sensor | core/replicasets | get · list · watch | Low | |
ClusterRole wiz-sensor | apps/replicationcontrollers | get · list · watch | Low | |
ClusterRole wiz-sensor | batch/replicationcontrollers | get · list · watch | Low | |
ClusterRole wiz-sensor | core/replicationcontrollers | get · list · watch | Low | |
ClusterRole wiz-sensor | apps/serviceaccounts | get · list · watch | Low | |
ClusterRole wiz-sensor | batch/serviceaccounts | get · list · watch | Low | |
ClusterRole wiz-sensor | core/serviceaccounts | get · list · watch | Low | |
ClusterRole wiz-sensor | apps/statefulsets | get · list · watch | Low | |
ClusterRole wiz-sensor | batch/statefulsets | get · list · watch | Low | |
ClusterRole wiz-sensor | core/statefulsets | get · list · watch | Low |
⚠️ Potential Abuse (3)
The following security risks were found based on the above permissions:
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| DaemonSet | wiz-sensor | wiz-sensor | wizio.azurecr.io/sensor:v1 |