Question for issue_token_secrets and list_secret policies #17

Open
UgOrange opened this issue Jun 27, 2023 · 2 comments
Labels
documentation Improvements or additions to documentation

Comments

@UgOrange

Documentation link

link

Describe the problem

I am currently studying your detection rules and have come across a couple of questions that I would appreciate your assistance with.
Regarding the "issue_token_secrets" rule, it appears to detect permissions related to modifying or creating secrets. I would like to understand how this rule handles the issuance of administrator-equivalent service account privileges.
Additionally, I believe that the risk level associated with the "list_secret" rule could be increased. I would like to suggest considering an adjustment to reflect a higher level of risk.

Suggested fix

@UgOrange UgOrange added the documentation Improvements or additions to documentation label Jun 27, 2023
@welcome-to-palo-alto-networks

🎉 Thanks for opening your first issue here! Welcome to the community!

@UgOrange UgOrange changed the title from "Question for" to "Question for issue_token_secrets and list_secret policies" Jun 27, 2023
@yuvalavra
Contributor

yuvalavra commented Jul 12, 2023

Hi, good question! If you can create a secret, you can link it to a service account (using a few fields in the secret definition), and Kubernetes will automatically populate a new token for that SA in the secret :) At that point, if you can somehow read the secret, you could retrieve that token and potentially escalate privileges depending on its permissions.

Btw at the bottom of the report linked in this repo description there are explanations for how the permissions in most of the policies lead to attacks.

As for the severity of secrets listing policy - I agree, could be changed to High.
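A defender-side illustration of the reasoning in the comment above, added here and not part of the issue or of the project's own rule engine: a minimal RBAC audit over constructed Kubernetes PolicyRule objects that flags the two permissions the thread discusses and the combination that forms the escalation path. The helper names `allows` and `evaluate` and the finding keys are assumptions for illustration.

```python
# Added example (not the project's code): audit a subject's RBAC rules for the
# two policies discussed in this thread and for their combination.
from typing import Dict, List

# Constructed sample: the rules of one Role, in Kubernetes PolicyRule shape.
# This subject can create secrets but cannot read them back.
SAMPLE_RULES: List[dict] = [
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["create"]},
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]},
]


def _matches(wanted: str, granted: List[str]) -> bool:
    """RBAC semantics: an exact entry or the '*' wildcard grants the item."""
    return wanted in granted or "*" in granted


def allows(rules: List[dict], resource: str, verb: str, api_group: str = "") -> bool:
    """True if any rule grants `verb` on `resource` in `api_group`."""
    return any(
        _matches(api_group, r.get("apiGroups", []))
        and _matches(resource, r.get("resources", []))
        and _matches(verb, r.get("verbs", []))
        for r in rules
    )


def evaluate(rules: List[dict]) -> Dict[str, bool]:
    """Map each policy to whether the rules trigger it.

    issue_token_secrets: subject can create secrets, so it can create one that
    Kubernetes will populate with a service account token (as described above).
    list_secret: subject can read secrets; `list` returns the full objects,
    including their data, so it is treated the same as `get` here.
    sa_token_escalation_path: both halves are present, which is the chain the
    maintainer describes (create the token secret, then read the token out).
    """
    can_create = allows(rules, "secrets", "create")
    can_read = allows(rules, "secrets", "get") or allows(rules, "secrets", "list")
    return {
        "issue_token_secrets": can_create,
        "list_secret": can_read,
        "sa_token_escalation_path": can_create and can_read,
    }


if __name__ == "__main__":
    for policy, hit in evaluate(SAMPLE_RULES).items():
        print(f"{policy}: {'TRIGGERED' if hit else 'ok'}")
```

Feed it the rules of a real Role or ClusterRole (for example from `kubectl get role -o json`) to see which of the two policies a subject trips and whether it holds both halves of the chain.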
