Remove unnecessary RBAC permission in helm charts #3041

kaaass · 2024-05-03T03:55:56Z

What would you like to be added:

Remove all the unnecessary RBAC permission in the helm charts.

#1105 may relate to this.

Why is this needed:

Unnecessary rbac permissions can lead to security risks. Currently, the submariner-operator's helm charts have applied for too many permissions it doesn’t need, such as Deployment submariner-operator. Among them, we found that several sensitive permissions may even lead to the hijacking of the cluster under specific attacks. Due to the risk of security disclosure, we have hidden the details of these permissions in the public issue. We have reported this security issue through private email and received confirmation from the community.

The text was updated successfully, but these errors were encountered:

kaaass added the enhancement New feature or request label May 3, 2024

tpantelis added bug Something isn't working and removed enhancement New feature or request labels May 3, 2024

tpantelis mentioned this issue May 3, 2024

Reduce RBAC permissions for the various components #3040

Merged

tpantelis closed this as completed in #3040 May 6, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove unnecessary RBAC permission in helm charts #3041

Remove unnecessary RBAC permission in helm charts #3041

kaaass commented May 3, 2024

Remove unnecessary RBAC permission in helm charts #3041

Remove unnecessary RBAC permission in helm charts #3041

Comments

kaaass commented May 3, 2024