Modify node configuration (labels, taints)
Elevation of Privilege
Critical
Overview
| Field | Value |
|---|---|
| ID | 1015 |
| Name | Modify node configuration (labels, taints) |
| Risk Category | Elevation of Privilege |
| Risk Level | Critical |
| Role Type | ClusterRole |
| API Groups | core |
| Resources | nodes |
| Verbs | patch, update |
| Tags | DenialOfService NodeAccess PotentialPrivilegeEscalation Tampering |
Description
Allows modifying node configurations, such as labels and taints, across the cluster. This can be abused to influence pod scheduling, potentially forcing sensitive workloads onto compromised nodes or causing denial of service by misconfiguring taints. It can also be a step towards privilege escalation.