Vendor services misconfigurations

GKE using Legacy Authorization (ABAC)

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Legacy Authorization, also known as Attribute-Based Access Control (ABAC) has been superseded by Role-Based Access Control (RBAC) and is not under active development. RBAC is the recommended way to manage permissions in Kubernetes. It was detected that {GcpGkeCluster} uses ABAC instead of RBAC.