OCPBUGS-11622

cluster-version-operator-container: cvo - Minimize wildcard/privilege Usage in Cluster and Local Roles [openshift-4]

    • Moderate
    • None
    • Rejected
    • x86_64

      According to http://static.open-scap.org/ssg-guides/ssg-ocp4-guide-cis.html#xccdf_org.ssgproject.content_rule_rbac_wildcard_use, the usage of wildcards in ClusterRoles and Roles should be prevented as best as possible.

      Further, one should refrain from using `cluster-admin` permissions to comply with CIS security requirements.

      It's therefore requested to review the serviceAccount below and its associated Roles, as they were found not to be compliant with the above, and to restrict permissions further to the extent possible.

      • system:serviceaccount:openshift-cluster-version:default

      This security tracking issue was filed based on manifesting data available to Product Security in https://deptopia.prodsec.redhat.com/ui/home. This data indicates that the component noted in the "pscomponent" label was found to be affected by this vulnerability. If you believe this issue is not actionable and was created erroneously, please fill out the following form and close this issue as Closed with a resolution of Obsolete. This will prompt Product Security to review what type of error caused this Jira issue to be created, and prevent further mistakes of this type in the future.

      https://forms.gle/LnXaf5aCAHaV6g8T8

      To better understand the distinction between a component being Affected vs Not Affected, please read the following article:
      https://docs.engineering.redhat.com/pages/viewpage.action?spaceKey=PRODSEC&title=Understanding+Affected+and+Not+Affected
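
The review requested above can be started from an export of the cluster's RBAC objects. The following is an added example, not part of the original issue or of the cluster-version-operator code: it finds bindings that name `system:serviceaccount:openshift-cluster-version:default` and flags `cluster-admin` and wildcard rules. It assumes input shaped like the `items` list of `oc get clusterroles,roles,clusterrolebindings,rolebindings -A -o json`; every `example-` name and all sample data are constructed.

```python
# All objects below are constructed sample data, not real cluster output.
SUBJECT = {"kind": "ServiceAccount", "namespace": "openshift-cluster-version", "name": "default"}

def obj(kind, name, ns=None, **rest):
    meta = {"name": name, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta, **rest}

def ref(kind, name):
    return {"apiGroup": "rbac.authorization.k8s.io", "kind": kind, "name": name}

SAMPLE = [  # hypothetical bindings and roles for illustration
    obj("ClusterRole", "cluster-admin", rules=[
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
        {"nonResourceURLs": ["*"], "verbs": ["*"]}]),
    obj("Role", "example-reader", "example-ns", rules=[
        {"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list"]}]),
    obj("ClusterRole", "example-wide", rules=[
        {"apiGroups": ["apps"], "resources": ["*"], "verbs": ["get"]}]),
    obj("ClusterRoleBinding", "example-crb", subjects=[SUBJECT], roleRef=ref("ClusterRole", "cluster-admin")),
    obj("RoleBinding", "example-rb", "example-ns", subjects=[SUBJECT], roleRef=ref("Role", "example-reader")),
    obj("ClusterRoleBinding", "example-other", subjects=[{**SUBJECT, "name": "example-sa"}], roleRef=ref("ClusterRole", "example-wide")),
]

def wildcard_fields(rule):
    """Names of the rule fields that contain the '*' wildcard."""
    return [k for k in ("apiGroups", "resources", "verbs", "nonResourceURLs") if "*" in (rule.get(k) or [])]

def audit(items, subject=SUBJECT):
    """Return (binding, role, reason) findings for roles bound directly to subject."""
    roles = {(o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"]): o
             for o in items if o["kind"] in ("ClusterRole", "Role")}
    findings = []
    for b in items:
        # Roles carry no subjects, so only bindings that name the subject get past this check.
        if not any(all(s.get(k) == v for k, v in subject.items()) for s in b.get("subjects") or []):
            continue
        r = b["roleRef"]
        # A Role is looked up in the binding's namespace; a ClusterRole has no namespace.
        ns = b["metadata"].get("namespace") if r["kind"] == "Role" else None
        if (r["kind"], r["name"]) == ("ClusterRole", "cluster-admin"):
            findings.append((b["metadata"]["name"], r["name"], "binds cluster-admin"))
        for rule in roles.get((r["kind"], ns, r["name"]), {}).get("rules") or []:
            fields = wildcard_fields(rule)
            if fields:
                findings.append((b["metadata"]["name"], r["name"], "wildcard in " + ",".join(fields)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Only bindings that name the service account directly are followed; permissions granted through groups such as `system:serviceaccounts` or `system:authenticated` need a separate pass.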

              dhurta@redhat.com David Hurta
              rhn-support-sreber Simon Reber
              Jia Liu Jia Liu