Scenario #201
Security
K8s v1.22, GKE

Unauthorized Access to Secrets Due to Incorrect RBAC Permissions

Unauthorized users were able to access Kubernetes secrets due to overly permissive RBAC roles.

What Happened

A service account was granted cluster-admin permissions, which allowed users to access sensitive secrets via kubectl. This led to a security breach when one of the users exploited the permissions.

Diagnosis Steps
  1. Inspected RBAC roles with kubectl get roles and kubectl get clusterroles to identify misconfigured roles.
  2. Checked logs and found that sensitive secrets were accessed using a service account that shouldn't have had access.
Root Cause

The service account was granted excessive permissions via RBAC roles.

Fix/Workaround
• Reconfigured RBAC roles to adhere to the principle of least privilege.
• Limited the permissions of the service account and tested access controls.
Lessons Learned

Always follow the principle of least privilege when configuring RBAC for service accounts and users.

How to Avoid
  1. Regularly audit RBAC roles and service account permissions.
  2. Implement role-based access control (RBAC) with tight restrictions on who can access secrets.
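As an added example (not part of this scenario write-up), the audit from step 1 can be automated: the script below walks RBAC objects in the shape returned by kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json and flags every service account bound to cluster-admin or to a role that can read secrets without resourceNames scoping. The input is a constructed sample, and the object names (ci-deployer, secret-reader-all, app-secrets-reader, app-db-creds) are assumed, not taken from the incident.

```python
import json

# Constructed sample standing in for kubectl JSON output (not real cluster output);
# the role, binding and service account names are assumed for illustration.
SAMPLE_RBAC = json.loads("""{"items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"}, "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci-deployer", "namespace": "ci"}]},
 {"kind": "ClusterRole", "metadata": {"name": "secret-reader-all"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "monitoring-secrets"}, "roleRef": {"kind": "ClusterRole", "name": "secret-reader-all"},
  "subjects": [{"kind": "ServiceAccount", "name": "monitoring", "namespace": "monitoring"}]},
 {"kind": "Role", "metadata": {"name": "app-secrets-reader", "namespace": "app"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"], "resourceNames": ["app-db-creds"], "verbs": ["get"]}]},
 {"kind": "RoleBinding", "metadata": {"name": "app-reader", "namespace": "app"}, "roleRef": {"kind": "Role", "name": "app-secrets-reader"},
  "subjects": [{"kind": "ServiceAccount", "name": "app", "namespace": "app"}]}]}""")

READ_VERBS = {"get", "list", "watch", "*"}

def rule_reads_secrets(rule):
    """True for a rule granting unscoped read on secrets; resourceNames-pinned rules are not flagged."""
    core = {"", "*"} & set(rule.get("apiGroups", []))      # secrets live in the core API group
    secrets = {"secrets", "*"} & set(rule.get("resources", []))
    reads = READ_VERBS & set(rule.get("verbs", []))
    return bool(core and secrets and reads) and not rule.get("resourceNames")

def audit_rbac(rbac):
    """Return (namespace/serviceaccount, reason) for every service account bound to
    cluster-admin or to a role whose rules can read secrets without name scoping."""
    roles = {(r["kind"], r["metadata"].get("namespace"), r["metadata"]["name"]): r
             for r in rbac["items"] if r["kind"] in ("Role", "ClusterRole")}
    findings = []
    for b in rbac["items"]:
        if b["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref = b["roleRef"]
        # a Role is resolved in the binding's namespace; a ClusterRole is cluster-scoped
        ns = b["metadata"].get("namespace") if ref["kind"] == "Role" else None
        role = roles.get((ref["kind"], ns, ref["name"]))
        leaky = role is not None and any(rule_reads_secrets(r) for r in role.get("rules", []))
        for s in b.get("subjects", []):
            if s.get("kind") != "ServiceAccount":
                continue
            sa = f"{s.get('namespace')}/{s['name']}"
            if ref["name"] == "cluster-admin":
                findings.append((sa, f"cluster-admin via {b['metadata']['name']}"))
            elif leaky:
                findings.append((sa, f"unscoped secret read via {b['metadata']['name']}"))
    return findings
```

Running audit_rbac(SAMPLE_RBAC) reports the cluster-admin binding and the cluster-wide secret reader, while the namespaced Role pinned to a single secret passes.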