Pepr Overly Permissive RBAC ClusterRole Vulnerability
Vulnerability
A vulnerability exists in Pepr, a type-safe Kubernetes middleware, prior to version 1.0.5, where the default Role-Based Access Control (RBAC) configuration grants cluster-admin privileges. This default setting does not enforce least-privilege guidelines for module authors, allowing them to deploy modules with excessive permissions. While this vulnerability is not inherently exploitable, it poses a risk if users overlook the documentation and deploy production modules with unnecessary privileges.
Impact
The vulnerability allows module authors to unintentionally assign broader RBAC permissions than needed, potentially leading to misuse of administrative privileges in a Kubernetes cluster.
Remediation
Users should scope RBAC appropriately before deploying to production. The command 'npx pepr build --rbac-mode=scoped' can be used to generate the minimum required RBAC permissions. Any additional permissions should be based on the specific Kubernetes resources and operations needed by the module.
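The following audit script is an added example, not part of this advisory and not Pepr's own code. It takes a ClusterRole in the JSON shape that `kubectl get clusterrole <name> -o json` returns (so it can be pointed at the RBAC a module build generates) and flags the rule shapes that matter here: the wildcard-everything rule that is equivalent to cluster-admin, any rule granting all verbs, and write access to resources through which a role could grow its own privileges. The three sample roles are constructed for illustration; the "scoped" one shows what a least-privilege role for a hypothetical Pod-watching, ConfigMap-patching module might look like, not the actual output of `--rbac-mode=scoped`.

```typescript
// Added example (not Pepr's code): flag over-broad rules in a ClusterRole
// before it is deployed to a production cluster.

interface PolicyRule {
  apiGroups?: string[];
  resources?: string[];
  verbs?: string[];
}

interface ClusterRole {
  metadata: { name: string };
  rules: PolicyRule[];
}

interface Finding {
  role: string;
  ruleIndex: number;
  reason: string;
}

function has(values: string[] | undefined, wanted: string): boolean {
  return (values || []).indexOf(wanted) !== -1;
}

function isWild(values: string[] | undefined): boolean {
  return has(values, "*");
}

// Resources that let a role expand its own access; a scoped module role
// should not be able to write these.
const ESCALATION_RESOURCES: { group: string; resources: string[] }[] = [
  { group: "rbac.authorization.k8s.io", resources: ["clusterroles", "clusterrolebindings", "roles", "rolebindings"] },
  { group: "", resources: ["secrets", "serviceaccounts", "pods/exec"] },
];
const WRITE_VERBS = ["create", "update", "patch", "delete", "deletecollection", "bind", "escalate", "impersonate"];

function auditClusterRole(role: ClusterRole): Finding[] {
  const findings: Finding[] = [];
  role.rules.forEach((rule, i) => {
    const groups = rule.apiGroups || [];
    const resources = rule.resources || [];
    const verbs = rule.verbs || [];

    // Check 1: the cluster-admin shape this advisory describes.
    if (isWild(groups) && isWild(resources) && isWild(verbs)) {
      findings.push({ role: role.metadata.name, ruleIndex: i, reason: "wildcard apiGroups, resources and verbs (cluster-admin equivalent)" });
      return;
    }
    // Check 2: every verb on some set of resources.
    if (isWild(verbs)) {
      findings.push({ role: role.metadata.name, ruleIndex: i, reason: `all verbs on [${resources.join(",")}] in apiGroups [${groups.join(",")}]` });
      return;
    }
    // Check 3: explicit write verbs on escalation-capable resources.
    const canWrite = verbs.some(v => WRITE_VERBS.indexOf(v) !== -1);
    if (!canWrite) return;
    for (const e of ESCALATION_RESOURCES) {
      if (!(isWild(groups) || has(groups, e.group))) continue;
      const hit = e.resources.filter(r => isWild(resources) || has(resources, r));
      if (hit.length > 0) {
        findings.push({ role: role.metadata.name, ruleIndex: i, reason: `write access to [${hit.join(",")}] in apiGroup "${e.group || "core"}"` });
      }
    }
  });
  return findings;
}

// Constructed sample: an unscoped role of the kind the advisory warns about.
const PERMISSIVE_ROLE: ClusterRole = {
  metadata: { name: "example-module-unscoped" },
  rules: [{ apiGroups: ["*"], resources: ["*"], verbs: ["*"] }],
};

// Constructed sample: a hypothetical module that watches Pods and patches
// ConfigMaps, scoped to exactly that (illustrative, not pepr's generated output).
const SCOPED_ROLE: ClusterRole = {
  metadata: { name: "example-module-scoped" },
  rules: [
    { apiGroups: [""], resources: ["pods"], verbs: ["get", "list", "watch"] },
    { apiGroups: [""], resources: ["configmaps"], verbs: ["get", "list", "watch", "patch"] },
  ],
};

// Constructed sample: no wildcards, but still able to escalate.
const ESCALATING_ROLE: ClusterRole = {
  metadata: { name: "example-module-escalating" },
  rules: [
    { apiGroups: [""], resources: ["secrets"], verbs: ["get", "list", "create"] },
    { apiGroups: ["rbac.authorization.k8s.io"], resources: ["clusterrolebindings"], verbs: ["patch"] },
  ],
};

function report(role: ClusterRole): string {
  const findings = auditClusterRole(role);
  if (findings.length === 0) return `${role.metadata.name}: OK (no over-broad rules)`;
  return findings.map(f => `${f.role} rule[${f.ruleIndex}]: ${f.reason}`).join("\n");
}

console.log(report(PERMISSIVE_ROLE));
console.log(report(SCOPED_ROLE));
console.log(report(ESCALATING_ROLE));
```

A finding is a prompt to justify the rule against what the module actually does, not an automatic failure: a module that legitimately manages RoleBindings will trigger check 3 and should document why. Running this over the role produced by a scoped build and again after any hand edits keeps the comparison honest.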