C-0258 - Workload with ConfigMap access

Framework

security

Severity

Medium

Description of the the issue

This control detects workloads that have mounted ConfigMaps. Workloads with ConfigMap access can potentially expose sensitive information and elevate the risk of unauthorized access to critical resources.

Related resources

ConfigMap, CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet

What does this control test

Check if any workload has mounted secrets by inspecting their specifications and verifying if secret volumes are defined

Remediation

Review the workloads identified by this control and assess whether it's necessary to mount these configMaps. Remove configMaps access from workloads that don't require it or ensure appropriate access controls are in place to protect sensitive information.

Example

No example