Description

Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics.

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
zabbixdefault186Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 zabbix

Namespace: default  |  Automount:

🔑 Permissions (18)

RoleResourceVerbsRiskTags
ClusterRole zabbixcore/nodes/proxygetCriticalAuthorizationBypass ClusterAdminAccess CodeExecution ElevationOfPrivilege LateralMovement (+1 more)
ClusterRole zabbixcore/componentstatusesget · listMediumControlPlaneDisruption InformationDisclosure Reconnaissance
ClusterRole zabbixbatch/cronjobsget · listLow
ClusterRole zabbixapps/daemonsetsget · listLow
ClusterRole zabbixextensions/daemonsetsget · listLow
ClusterRole zabbixapps/deploymentsget · listLow
ClusterRole zabbixextensions/deploymentsget · listLow
ClusterRole zabbixcore/endpointsget · listLow
ClusterRole zabbixcore/eventsget · listLow
ClusterRole zabbixbatch/jobsget · listLow
ClusterRole zabbixcore/namespacesget · listLow
ClusterRole zabbixcore/nodesget · listLow
ClusterRole zabbixcore/nodes/metricsgetLow
ClusterRole zabbixcore/nodes/specgetLow
ClusterRole zabbixcore/nodes/statsgetLow
ClusterRole zabbixcore/podsget · listLow
ClusterRole zabbixcore/servicesget · listLow
ClusterRole zabbixapps/statefulsetsget · listLow

⚠️ Potential Abuse (3)

The following security risks were found based on the above permissions:

📦 Workloads (6)

KindNameContainerImage
CronJobzabbix-nodescleanhanodes-autocleanpostgres:16
Deploymentzabbix-zabbix-serverzabbix-agentzabbix/zabbix-agent2:ubuntu-7.0.16
Deploymentzabbix-zabbix-serverzabbix-serverzabbix/zabbix-server-pgsql:ubuntu-7.0.16
Deploymentzabbix-zabbix-webzabbix-webzabbix/zabbix-web-nginx-pgsql:ubuntu-7.0.16
Deploymentzabbix-zabbix-webservicezabbix-webservicezabbix/zabbix-web-service:ubuntu-7.0.16
StatefulSetzabbix-postgresqlpostgresqlpostgres:16