Shared Service Account

• Query id: c1032cf7-3628-44e2-bd53-38c17cf31b6b
• Query name: Shared Service Account
• Platform: Kubernetes
• Severity: Medium
• Category: Secret Management
• CWE: 200
• URL: Github

Description

A Service Account token is shared between workloads
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  serviceAccountName : service1
  containers:
  - name: mycontainer
    image: redis
---
apiVersion: v1
kind: Pod
metadata:
  name: pod2
spec:
  serviceAccountName : service1
  containers:
  - name: envars-test-container
    image: nginx

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  serviceAccountName : service1
  containers:
  - name: mycontainer
    image: redis
---
apiVersion: v1
kind: Pod
metadata:
  name: pod2
spec:
  serviceAccountName : service2
  containers:
  - name: envars-test-container
    image: nginx