granted any privileges and are unauthenticated. Fully untrusted Cluster operator A user that has permissions to manage the Kubernetes cluster for deployments of Dapr in Kubernetes mode. Fully trusted Application accounts managing these remote services. A user may have user accounts registered with limited permissions that are sufficient to cause harm to Dapr 4 EP000: Operation Aurora | HACKING GOOGLE; https://www v=przDcQe6n5o 3 For example CVE-2022-24760 11 Dapr security audit 2023 - for example write permissions to an S3 bucket. A threat actor could leverage this by writing a legitimate and valid object to

concepts inside of a production cluster exist. One of the drawbacks is that anyone with root permissions on any node inside of the cluster will be able to read any secret from the API server by impersonating