
Security point: Anonymous user has RoleBinding

Open matthieu-robin opened this issue 1 year ago • 2 comments

After a kubescape scan, we have detected that the Anonymous user has a RoleBinding. It would be more secure to close it. Thanks

matthieu-robin avatar Oct 08 '24 19:10 matthieu-robin

@matthieu-robin Hi! Please provide a more detailed report from kubescape. It does sound like a critical vulnerability, but we will look at what we can do with it. Also, it is not clear which cluster you are talking about - the main one (based on Talos) or the tenant ones.

gecube avatar Oct 09 '24 04:10 gecube

Hi, here is the full report of Kubescape based on version 0.16.2 of Cozystack (Talos version 1.7.1). The command used: `kubescape scan -v -e tenant-ssl-jluc,opencost,neuvector,tenant-matthieu --format html --output results.html` (attachment: results.html.zip)

Let me know if you need more help on this

matthieu-robin avatar Oct 09 '24 06:10 matthieu-robin


I think this is intended behavior of the Kubernetes cluster; we don't manage this rolebinding from the cozystack side

kvaps avatar Mar 25 '25 10:03 kvaps

For more info, please refer to the Kubernetes documentation: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#discovery-roles

kvaps avatar Mar 25 '25 10:03 kvaps
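The distinction kvaps points to is between the default discovery binding that every Kubernetes cluster ships with and a binding somebody added later. In a stock cluster the only bootstrap binding whose subjects include `system:unauthenticated` is the `system:public-info-viewer` ClusterRoleBinding (the linked RBAC docs list `system:discovery` and `system:basic-user` as bound to `system:authenticated` only). A scanner that reports "anonymous user has RoleBinding" therefore needs triage: is the match the expected default, or something else? The script below is an added example written for this thread, not Cozystack's or kubescape's code. It takes the JSON that `kubectl get clusterrolebindings,rolebindings -A -o json` produces, keeps only bindings whose subjects grant anonymous access, and reports those that are not the expected default. The embedded `SAMPLE_BINDINGS` list and the `tenant-example` namespace are constructed for the example.

```python
import json

# Subjects that represent an unauthenticated client of the API server.
ANONYMOUS_SUBJECTS = {
    ("Group", "system:unauthenticated"),
    ("User", "system:anonymous"),
}

# Bootstrap ClusterRoleBindings that Kubernetes itself grants to unauthenticated
# clients (see the discovery-roles section of the RBAC docs linked above).
EXPECTED_DEFAULT_BINDINGS = {"system:public-info-viewer"}

# Constructed sample, shaped like `kubectl get clusterrolebindings,rolebindings -A -o json`.
SAMPLE_BINDINGS = """
{
  "kind": "List",
  "items": [
    {
      "kind": "ClusterRoleBinding",
      "metadata": {"name": "system:public-info-viewer"},
      "roleRef": {"kind": "ClusterRole", "name": "system:public-info-viewer"},
      "subjects": [
        {"kind": "Group", "name": "system:authenticated"},
        {"kind": "Group", "name": "system:unauthenticated"}
      ]
    },
    {
      "kind": "ClusterRoleBinding",
      "metadata": {"name": "system:discovery"},
      "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
      "subjects": [{"kind": "Group", "name": "system:authenticated"}]
    },
    {
      "kind": "RoleBinding",
      "metadata": {"name": "tenant-debug-anonymous", "namespace": "tenant-example"},
      "roleRef": {"kind": "ClusterRole", "name": "view"},
      "subjects": [{"kind": "User", "name": "system:anonymous"}]
    }
  ]
}
"""


def anonymous_subjects(binding):
    """Return the (kind, name) subjects of a binding that grant anonymous access."""
    hits = []
    for subj in binding.get("subjects") or []:
        key = (subj.get("kind"), subj.get("name"))
        if key in ANONYMOUS_SUBJECTS:
            hits.append(key)
    return hits


def find_unexpected_anonymous_bindings(binding_list, expected=EXPECTED_DEFAULT_BINDINGS):
    """Return bindings that give anonymous clients a role other than the stock default.

    A binding is treated as the expected default only when it is a ClusterRoleBinding
    whose name and roleRef both match an entry in `expected`; anything else that
    names an anonymous subject is reported for review.
    """
    findings = []
    for binding in binding_list.get("items", []):
        subjects = anonymous_subjects(binding)
        if not subjects:
            continue
        name = binding["metadata"]["name"]
        role = binding["roleRef"]["name"]
        kind = binding.get("kind", "")
        if kind == "ClusterRoleBinding" and name in expected and role == name:
            continue
        findings.append({
            "kind": kind,
            "name": name,
            "namespace": binding["metadata"].get("namespace"),
            "role": role,
            "subjects": [f"{k}/{n}" for k, n in subjects],
        })
    return findings


def audit_sample():
    """Run the check over the constructed sample and return the findings."""
    return find_unexpected_anonymous_bindings(json.loads(SAMPLE_BINDINGS))


if __name__ == "__main__":
    # To audit a live cluster instead of the sample, pipe kubectl's JSON to this
    # script and replace `SAMPLE_BINDINGS` with sys.stdin.read().
    for f in audit_sample():
        where = f"{f['namespace']}/" if f["namespace"] else ""
        print(f"{f['kind']} {where}{f['name']} -> {f['role']} via {', '.join(f['subjects'])}")
```

Against the sample this flags only the constructed `tenant-example/tenant-debug-anonymous` RoleBinding; the stock `system:public-info-viewer` binding is recognized as the default that kvaps describes, so a scanner hit on that one alone is the documented Kubernetes behavior rather than something Cozystack added.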