Manage ClusterRoleBindings (create, update, patch, delete)
Elevation of Privilege
Critical
Overview
| Field | Value |
|---|---|
| ID | 1028 |
| Name | Manage ClusterRoleBindings (create, update, patch, delete) |
| Risk Category | Elevation of Privilege |
| Risk Level | Critical |
| Role Type | ClusterRole |
| API Groups | rbac.authorization.k8s.io |
| Resources | clusterrolebindings |
| Verbs | create, update, patch, delete |
| Tags | BindingToPrivilegedRole ClusterAdminAccess PrivilegeEscalation RBACManipulation |
Description
Permits creating, modifying, or deleting ClusterRoleBindings. This allows an attacker to bind any user, group, or service account to any ClusterRole (including highly privileged ones like cluster-admin), effectively granting arbitrary cluster-wide permissions and leading to privilege escalation.
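An added audit check (example code, not part of this catalog entry) that finds which subjects currently hold these verbs on clusterrolebindings. It reads ClusterRole and ClusterRoleBinding objects in the shape `kubectl get ... -o json` returns, honours `*` wildcards in apiGroups, resources and verbs, and resolves risky roles to their bound subjects; the `SAMPLE_*` objects and all names in them are constructed for the example.

```python
# Audit which subjects can manage ClusterRoleBindings (the risk in this entry). Input objects
# mirror `kubectl get clusterroles,clusterrolebindings -o json`; SAMPLE_* is constructed data.
RISKY_VERBS = {"create", "update", "patch", "delete"}

def _matches(values, wanted):
    # RBAC rules may use "*" as a wildcard for apiGroups, resources and verbs.
    return "*" in values or wanted in values

def role_grants_crb_management(role):
    """True if any rule grants a risky verb on rbac.authorization.k8s.io/clusterrolebindings."""
    for rule in role.get("rules", []):
        if not _matches(rule.get("apiGroups", []), "rbac.authorization.k8s.io"):
            continue
        if not _matches(rule.get("resources", []), "clusterrolebindings"):
            continue
        verbs = set(rule.get("verbs", []))
        if "*" in verbs or verbs & RISKY_VERBS:
            return True
    return False

def subjects_able_to_manage_crbs(cluster_roles, cluster_role_bindings):
    """Sorted 'Kind:[namespace/]name' strings for subjects bound to a risky ClusterRole."""
    risky = {r["metadata"]["name"] for r in cluster_roles if role_grants_crb_management(r)}
    found = set()
    for crb in cluster_role_bindings:
        ref = crb.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in risky:
            continue
        for s in crb.get("subjects", []):
            ns = s.get("namespace")  # only ServiceAccount subjects carry a namespace
            found.add(f"{s['kind']}:{ns + '/' if ns else ''}{s['name']}")
    return sorted(found)

# Constructed sample: one explicit risky verb, one wildcard role, and one read-only role.
SAMPLE_ROLES = [
    {"metadata": {"name": "rbac-editor"}, "rules": [{"apiGroups": ["rbac.authorization.k8s.io"],
        "resources": ["clusterrolebindings"], "verbs": ["get", "patch"]}]},
    {"metadata": {"name": "cluster-admin"}, "rules": [{"apiGroups": ["*"],
        "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "crb-viewer"}, "rules": [{"apiGroups": ["rbac.authorization.k8s.io"],
        "resources": ["clusterrolebindings"], "verbs": ["get", "list", "watch"]}]},
]
SAMPLE_BINDINGS = [
    {"roleRef": {"kind": "ClusterRole", "name": "rbac-editor"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-bot", "namespace": "ci"}]},
    {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"roleRef": {"kind": "ClusterRole", "name": "crb-viewer"},
     "subjects": [{"kind": "Group", "name": "auditors"}]},
]
```

Every subject the function returns should be reviewed against the need for this permission; read-only access (get, list, watch) is not flagged because it cannot change bindings.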