Manage RoleBindings in a namespace (create, update, patch, delete)
Elevation of Privilege
High
Overview
| Field | Value |
|---|---|
| ID | 1030 |
| Name | Manage RoleBindings in a namespace (create, update, patch, delete) |
| Risk Category | Elevation of Privilege |
| Risk Level | High |
| Role Type | Role |
| API Groups | rbac.authorization.k8s.io |
| Resources | rolebindings |
| Verbs | create, update, patch, delete |
| Tags | BindingToPrivilegedRole, PrivilegeEscalation, RBACManipulation |
Description
Allows creating, modifying, or deleting RoleBindings within a specific namespace. This enables an attacker to bind users, groups, or service accounts to Roles within that namespace. A RoleBinding can also reference a ClusterRole, so if a powerful ClusterRole is bound to a service account in the namespace, this can lead to privilege escalation.
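To audit for this rule, the following added example (not part of the original rule page or of any tool it belongs to) flags namespaced Roles that grant any of the listed verbs on `rolebindings`, including grants made through `*` wildcards. The function names and the sample Roles are assumptions constructed for illustration; the input is assumed to have the shape of the `items` array from `kubectl get roles -A -o json`.

```python
import json

RBAC_GROUP = "rbac.authorization.k8s.io"
RISKY_VERBS = {"create", "update", "patch", "delete"}

def _matches(values, wanted):
    """True if an RBAC rule field lists any wanted value or the '*' wildcard."""
    values = set(values or [])
    return "*" in values or bool(values & set(wanted))

def risky_verbs(rule):
    """Return the rule-1030 verbs a single PolicyRule grants on rolebindings."""
    if not _matches(rule.get("apiGroups"), {RBAC_GROUP}):
        return set()
    if not _matches(rule.get("resources"), {"rolebindings"}):
        return set()
    verbs = set(rule.get("verbs") or [])
    return set(RISKY_VERBS) if "*" in verbs else verbs & RISKY_VERBS

def find_rolebinding_managers(roles):
    """Map 'namespace/name' of each namespaced Role to the risky verbs it grants."""
    findings = {}
    for role in roles:
        if role.get("kind") != "Role":
            continue
        granted = set()
        for rule in role.get("rules") or []:
            granted |= risky_verbs(rule)
        if granted:
            meta = role["metadata"]
            findings[f'{meta["namespace"]}/{meta["name"]}'] = sorted(granted)
    return findings

# Constructed sample Roles (hypothetical names), not taken from a real cluster.
SAMPLE_ROLES = json.loads("""[
 {"kind": "Role", "metadata": {"namespace": "dev", "name": "binding-admin"},
  "rules": [{"apiGroups": ["rbac.authorization.k8s.io"],
             "resources": ["rolebindings"], "verbs": ["create", "patch"]}]},
 {"kind": "Role", "metadata": {"namespace": "dev", "name": "rbac-wildcard"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "Role", "metadata": {"namespace": "dev", "name": "binding-viewer"},
  "rules": [{"apiGroups": ["rbac.authorization.k8s.io"],
             "resources": ["rolebindings"], "verbs": ["get", "list"]}]},
 {"kind": "Role", "metadata": {"namespace": "ops", "name": "pod-editor"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["create", "delete"]}]}
]""")

if __name__ == "__main__":
    for name, verbs in find_rolebinding_managers(SAMPLE_ROLES).items():
        print(name, verbs)
```

Read-only access (`get`, `list`) and the same verbs on other resources or API groups are deliberately not reported, since the rule covers only write access to RoleBindings.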