Information
The RBAC role 'cluster-admin' provides wide-ranging powers over the environment and should be used only where and when needed.
Rationale:
Kubernetes provides a set of default roles where RBAC is used. Some of these roles such as 'cluster-admin' provide wide-ranging privileges which should only be applied where absolutely necessary. Roles such as 'cluster-admin' allow super-user access to perform any action on any resource. When used in a 'ClusterRoleBinding', it gives full control over every resource in the cluster and in all namespaces. When used in a 'RoleBinding', it gives full control over every resource in the rolebinding's namespace, including the namespace itself.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Remove any unneeded 'clusterrolebindings':
kubectl delete clusterrolebinding [name]
Impact:
Care should be taken before removing any `clusterrolebindings` from the environment to ensure they were not required for operation of the cluster. Specifically, modifications should not be made to `clusterrolebindings` with the `system:` prefix as they are required for the operation of system components.