Skip to content

Promtail clusterrole permit privilege escalation from node proxy resource. #3548

New issue
New issue
Open
Open
Promtail clusterrole permit privilege escalation from node proxy resource.#3548
@navin-sharma13

Description

@navin-sharma13
navin-sharma13
opened on Jan 29, 2025

Issue: Privilege Escalation from Node Proxy in Promtail

We encountered the following security audit issue for Promtail:
Cluster Roles allow privilege escalation from node proxy

Currently, the access to the nodes/proxy resource via in clusterrole is hard-coded in the helm-chart - charts/promtail/templates/clusterrole.yaml file.

Questions:

  1. Does Promtail have a dependency on the nodes/proxy resource?

  2. Is it possible to bypass or remove access to nodes/proxy in Cluster role without impacting Promtail's functionality?

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions