
Feedback on Detected Misconfigurations

Greetings,

We are some security researchers who have built a scanner to detect configurations that can be used to conduct attacks on Kubernetes pods. For your repository, we have found a few misconfigurations in the following locations:

Misconfiguration name: INSECURE_HTTP

Location-1: https://gitlab.com/pongsatt/githook/-/blob/d9ceb7470f482050e52b426e336fe82af3e491e4/config/default/manager_auth_proxy_patch.yaml#L14-18

Misconfiguration name: PRIV_DEFAULT_SA

Location-2: https://gitlab.com/pongsatt/githook/-/blob/master/config/rbac/leader_election_role_binding.yaml?ref_type=heads#L9-12

Location-3: https://gitlab.com/pongsatt/githook/-/blob/master/config/rbac/auth_proxy_role_binding.yaml?ref_type=heads#L10-12

Location-4: https://gitlab.com/pongsatt/githook/-/blob/master/config/rbac/role_binding.yaml?ref_type=heads#L10-12

Misconfiguration name: PRIVILEGED_SA

Location-5: https://gitlab.com/pongsatt/githook/-/blob/master/config/tektonrole.yaml?ref_type=heads#L21-23

Please give us feedback. Do you think these are valid instances of misconfigurations? Will you fix them?

Edited by zyue110026
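An added example, not part of the researchers' message and not code from the githook repository: a small Python check for the three misconfiguration classes named in the report, as I read those names (the researchers' scanner is not reproduced here). The manifests it runs over are constructed in the shape of a kubebuilder scaffold; names such as `tekton-role` and `tekton-bot` are hypothetical, and the actual contents of the linked files are not copied.

```python
"""Checks for the three misconfiguration classes named in the report above.
Illustrative reconstruction of what those names suggest, written for this page,
not the researchers' scanner; manifests are constructed in kubebuilder-like
shape, not copied from the repository."""

from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str]  # (misconfiguration name, where it was found)
BINDINGS = ("RoleBinding", "ClusterRoleBinding")

def _where(doc: Dict) -> str:
    return f"{doc['kind']}/{doc['metadata']['name']}"

def check_insecure_http(doc: Dict) -> List[Finding]:
    """INSECURE_HTTP: a container argument that points a component at a plain
    http:// URL, e.g. the --upstream of a kube-rbac-proxy sidecar."""
    spec = doc.get("spec", {})
    pod = spec.get("template", {}).get("spec", spec)  # Pod or pod-template workload
    return [("INSECURE_HTTP", f"{_where(doc)} {c['name']}: {a}")
            for c in pod.get("containers", []) for a in c.get("args", []) if "http://" in a]

def check_priv_default_sa(doc: Dict) -> List[Finding]:
    """PRIV_DEFAULT_SA: a (Cluster)RoleBinding whose subject is the namespace's
    auto-created 'default' ServiceAccount; every pod in that namespace without
    an explicit serviceAccountName runs as it and inherits the grant."""
    return [("PRIV_DEFAULT_SA", f"{_where(doc)} binds default SA in {s.get('namespace')}")
            for s in doc.get("subjects", []) if doc.get("kind") in BINDINGS
            and s.get("kind") == "ServiceAccount" and s.get("name") == "default"]

def check_privileged_sa(docs: List[Dict]) -> List[Finding]:
    """PRIVILEGED_SA: a ServiceAccount bound to cluster-admin or to a role with
    wildcard rules. Roles are resolved among the supplied documents only."""
    roles = {(d["kind"], d["metadata"]["name"]): d
             for d in docs if d.get("kind") in ("Role", "ClusterRole")}
    out: List[Finding] = []
    for d in docs:
        if d.get("kind") not in BINDINGS:
            continue
        ref = d.get("roleRef", {})
        rules = roles.get((ref.get("kind"), ref.get("name")), {}).get("rules", [])
        wild = any("*" in r.get(k, []) for r in rules for k in ("apiGroups", "resources", "verbs"))
        if wild or ref.get("name") == "cluster-admin":
            out += [("PRIVILEGED_SA", f"{_where(d)} grants {ref.get('name')} to SA {s['name']}")
                    for s in d.get("subjects", []) if s.get("kind") == "ServiceAccount"]
    return out

def scan(docs: List[Dict]) -> List[Finding]:
    """Run every check over a set of manifests (one dict per YAML document)."""
    out: List[Finding] = []
    for d in docs:
        out += check_insecure_http(d) + check_priv_default_sa(d)
    return out + check_privileged_sa(docs)

# Constructed sample manifests (hypothetical names, kubebuilder-like shape).
RBAC_API = "rbac.authorization.k8s.io/v1"

def role(name: str, rules: List[Dict]) -> Dict:
    return {"apiVersion": RBAC_API, "kind": "Role",
            "metadata": {"name": name, "namespace": "system"}, "rules": rules}

def binding(kind: str, name: str, role_kind: str, role_name: str, sa: str) -> Dict:
    return {"apiVersion": RBAC_API, "kind": kind, "metadata": {"name": name, "namespace": "system"},
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": role_kind, "name": role_name},
            "subjects": [{"kind": "ServiceAccount", "name": sa, "namespace": "system"}]}

def deployment(upstream: str, sa: Optional[str] = None) -> Dict:
    pod: Dict = {"containers": [{"name": "kube-rbac-proxy", "args": [
        "--secure-listen-address=0.0.0.0:8443", f"--upstream={upstream}"]}]}
    if sa:
        pod["serviceAccountName"] = sa  # pin the pod to a dedicated SA instead of 'default'
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": "controller-manager", "namespace": "system"},
            "spec": {"template": {"spec": pod}}}

LEASES = [{"apiGroups": ["coordination.k8s.io"], "resources": ["leases"],
           "verbs": ["get", "list", "watch", "create", "update", "patch", "delete"]}]
WILDCARD = [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]
NARROW = [{"apiGroups": ["tekton.dev"], "resources": ["pipelineruns"], "verbs": ["create", "get", "list"]}]

WEAK_DOCS = [  # one instance of each reported class
    deployment("http://127.0.0.1:8080/"),
    role("leader-election-role", LEASES),
    binding("RoleBinding", "leader-election-rolebinding", "Role", "leader-election-role", "default"),
    binding("ClusterRoleBinding", "manager-rolebinding", "ClusterRole", "manager-role", "default"),
    role("tekton-role", WILDCARD),
    binding("RoleBinding", "tekton-rolebinding", "Role", "tekton-role", "tekton-bot"),
]
FIXED_DOCS = [  # dedicated ServiceAccount, narrow rules, TLS upstream
    deployment("https://127.0.0.1:8443/", sa="controller-manager"),
    {"apiVersion": "v1", "kind": "ServiceAccount", "metadata": {"name": "controller-manager", "namespace": "system"}},
    role("leader-election-role", LEASES),
    binding("RoleBinding", "leader-election-rolebinding", "Role", "leader-election-role", "controller-manager"),
    binding("ClusterRoleBinding", "manager-rolebinding", "ClusterRole", "manager-role", "controller-manager"),
    role("tekton-role", NARROW),
    binding("RoleBinding", "tekton-rolebinding", "Role", "tekton-role", "tekton-bot"),
]
```

Calling `scan(WEAK_DOCS)` yields one finding per reported class (two for PRIV_DEFAULT_SA, since both bindings name the `default` ServiceAccount), and `scan(FIXED_DOCS)` yields none. The practical fix for PRIV_DEFAULT_SA is the one the fixed set shows: create a dedicated ServiceAccount, bind the roles to it, and set `serviceAccountName` on the pod template, so that an unrelated pod scheduled into the same namespace does not silently inherit the controller's permissions. For INSECURE_HTTP, weigh the finding in context: an `http://` upstream on 127.0.0.1 never leaves the pod's network namespace, so it is lower risk than a cleartext hop across the cluster network, and the RBAC findings are the ones to prioritise.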