Shared Service Account
- Query id: c1032cf7-3628-44e2-bd53-38c17cf31b6b
- Query name: Shared Service Account
- Platform: Kubernetes
- Severity: Medium
- Category: Secret Management
- CWE: 200
- URL: Github
Description
A Service Account token is shared between workloads.
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod1
spec:
  serviceAccountName: service1
  containers:
  - name: mycontainer
    image: redis
---
apiVersion: v1
kind: Pod
metadata:
  name: pod2
spec:
  serviceAccountName: service1
  containers:
  - name: envars-test-container
    image: nginx
```
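An added example, not part of the query or its test fixtures: the same condition checked against a running cluster, reading JSON in the shape of `kubectl get pods -A -o json` and reporting each ServiceAccount used by more than one workload. The sample input and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `kubectl get pods -A -o json` (not real cluster output).
_RS = [{"kind": "ReplicaSet", "name": "web-5d9"}]
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "pod1", "namespace": "default"},
     "spec": {"serviceAccountName": "service1"}},
    {"metadata": {"name": "pod2", "namespace": "default"},
     "spec": {"serviceAccountName": "service1"}},
    # Two replicas of one ReplicaSet are a single workload, so not a finding.
    {"metadata": {"name": "web-a", "namespace": "shop", "ownerReferences": _RS},
     "spec": {"serviceAccountName": "web"}},
    {"metadata": {"name": "web-b", "namespace": "shop", "ownerReferences": _RS},
     "spec": {"serviceAccountName": "web"}},
    # Same account name in another namespace is a different ServiceAccount.
    {"metadata": {"name": "job1", "namespace": "batch"},
     "spec": {"serviceAccountName": "service1"}},
]})


def workload_of(pod):
    """Name the workload a pod belongs to: its first owner if any, else the pod itself."""
    meta = pod["metadata"]
    owners = meta.get("ownerReferences") or []
    if owners:
        return f'{owners[0]["kind"]}/{owners[0]["name"]}'
    return f'Pod/{meta["name"]}'


def shared_service_accounts(pod_list_json):
    """Return {(namespace, account): sorted workloads} for accounts used by more than one workload."""
    users = defaultdict(set)
    for pod in json.loads(pod_list_json).get("items", []):
        namespace = pod["metadata"].get("namespace", "default")
        # A pod with no serviceAccountName runs as the namespace's "default" account.
        account = pod.get("spec", {}).get("serviceAccountName") or "default"
        users[(namespace, account)].add(workload_of(pod))
    return {key: sorted(w) for key, w in users.items() if len(w) > 1}


if __name__ == "__main__":
    for (namespace, account), workloads in shared_service_accounts(SAMPLE).items():
        print(f"{namespace}/{account} shared by: {', '.join(workloads)}")
```

Grouping by the first owner reference treats the old and new ReplicaSets of one Deployment as separate workloads, so a rollout in progress can produce a transient finding.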