Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

software bug: too excessive clusterrole privilege #1326

Closed
0ekk opened this issue Jul 29, 2024 · 1 comment
Closed

software bug: too excessive clusterrole privilege #1326

0ekk opened this issue Jul 29, 2024 · 1 comment
Assignees
@ErikJiang
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@0ekk
Copy link
Member

0ekk commented Jul 29, 2024
edited
Loading

Describe the version
version about:

  1. kubean any

Describe the bug
Permissions from https://github.com/kubean-io/kubean/blob/main/charts/kubean/templates/clusterrole.yaml are too loose.

That may leads to malicious one can access the worker node which has deployments of Kubean, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster.

Thanks for the @younaman([email protected])'s reporting

Expected behavior
The Kubean should use accurate verbs and resource types to restrain the permission that granted to the deployment.
@0ekk 0ekk added the kind/bug Categorizes issue or PR as related to a bug. label Jul 29, 2024
@0ekk 0ekk changed the title software bug software bug: too excessive clusterrole privilege Jul 30, 2024
@younaman
Copy link

Dear kubean maintainers:
I am Nanzi Yang, thank you again for opening this issue. I will try my best to help you to review the permission set and enhance the permission set, other details are sent by an private email:)

Regards,
Nanzi Yang

This was referenced Aug 5, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ErikJiang ErikJiang

Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ErikJiang @younaman @0ekk