Bind ClusterRoles to identities (bind verb)
Elevation of Privilege
Critical
Overview
| Field | Value |
|---|---|
| ID | 1032 |
| Name | Bind ClusterRoles to identities (bind verb) |
| Risk Category | Elevation of Privilege |
| Risk Level | Critical |
| Role Type | ClusterRole |
| API Groups | rbac.authorization.k8s.io |
| Resources | clusterroles |
| Verbs | bind |
| Tags | BindingToPrivilegedRole ClusterAdminAccess PrivilegeEscalation RBACManipulation |
Description
Permits the ‘bind’ verb on ClusterRoles (or Roles). By default the API server only lets a subject create a RoleBinding or ClusterRoleBinding to a role whose permissions the subject already holds at that scope; the ‘bind’ verb on a role lifts that restriction. A subject that holds ‘bind’ and can also create bindings can therefore grant that role's permissions to any user, group, or service account, including itself. If the rule is not narrowed with resourceNames it covers every role in the cluster, cluster-admin included, which is why the risk is rated Critical.
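As an added example (not part of the catalog or its tooling), the checker below walks the rules of a ClusterRole or Role and reports whether it grants ‘bind’ on roles or clusterroles, whether that grant is narrowed by resourceNames, and whether the same role can also create bindings, which is what turns ‘bind’ into a usable escalation path. The manifests are constructed Python dicts mirroring the Kubernetes object layout; the function and variable names are this example's own.

```python
"""Flag roles that grant the 'bind' verb on roles/clusterroles (catalog ID 1032).

Added example; the manifests below are constructed, not taken from a cluster.
"""

RBAC_GROUP = "rbac.authorization.k8s.io"
ROLE_RESOURCES = {"clusterroles", "roles"}
BINDING_RESOURCES = {"clusterrolebindings", "rolebindings"}


def _matches(values, wanted):
    """Kubernetes treats '*' as a wildcard in apiGroups, resources and verbs."""
    return "*" in values or wanted in values


def rule_allows(rule, api_group, resource, verb):
    """True if one RBAC rule grants `verb` on `resource` in `api_group`."""
    return (
        _matches(rule.get("apiGroups", []), api_group)
        and _matches(rule.get("resources", []), resource)
        and _matches(rule.get("verbs", []), verb)
    )


def bind_findings(role):
    """One finding per rule that grants 'bind' on roles or clusterroles.

    A rule without resourceNames lets the holder bind *any* role, including
    cluster-admin; a rule with resourceNames is limited to the listed roles.
    """
    findings = []
    for rule in role.get("rules", []):
        covered = sorted(r for r in ROLE_RESOURCES
                         if rule_allows(rule, RBAC_GROUP, r, "bind"))
        if covered:
            findings.append({
                "resources": covered,
                "resourceNames": list(rule.get("resourceNames", [])),
                "restricted": bool(rule.get("resourceNames")),
            })
    return findings


def can_create_bindings(role):
    """'bind' on its own is inert; the subject must also be able to create bindings."""
    return any(rule_allows(rule, RBAC_GROUP, r, "create")
               for rule in role.get("rules", [])
               for r in BINDING_RESOURCES)


def assess(role):
    """Classify a single role: none, bind-only, scoped or critical."""
    findings = bind_findings(role)
    if not findings:
        return "none"
    if not can_create_bindings(role):
        # Escalation still possible if another role bound to the same subject
        # grants 'create' on bindings; this check only sees one role at a time.
        return "bind-only"
    return "critical" if any(not f["restricted"] for f in findings) else "scoped"


# Constructed sample manifests.
BINDER = {"kind": "ClusterRole", "metadata": {"name": "binding-operator"}, "rules": [
    {"apiGroups": [RBAC_GROUP], "resources": ["clusterroles"], "verbs": ["bind"]},
    {"apiGroups": [RBAC_GROUP], "resources": ["clusterrolebindings"], "verbs": ["create"]},
]}
SCOPED = {"kind": "ClusterRole", "metadata": {"name": "view-granter"}, "rules": [
    {"apiGroups": [RBAC_GROUP], "resources": ["clusterroles"], "verbs": ["bind"],
     "resourceNames": ["view"]},
    {"apiGroups": [RBAC_GROUP], "resources": ["rolebindings"], "verbs": ["create"]},
]}
WILDCARD = {"kind": "ClusterRole", "metadata": {"name": "too-broad"}, "rules": [
    {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
]}
BIND_ONLY = {"kind": "Role", "metadata": {"name": "half-way"}, "rules": [
    {"apiGroups": [RBAC_GROUP], "resources": ["roles"], "verbs": ["bind"]},
]}
READ_ONLY = {"kind": "ClusterRole", "metadata": {"name": "rbac-viewer"}, "rules": [
    {"apiGroups": [RBAC_GROUP], "resources": ["clusterroles", "roles"],
     "verbs": ["get", "list"]},
]}

if __name__ == "__main__":
    for role in (BINDER, SCOPED, WILDCARD, BIND_ONLY, READ_ONLY):
        print(f'{role["metadata"]["name"]:>16}: {assess(role)}')
```

The per-role verdict is a triage aid, not a full answer: `bind` in one role and `create` on bindings in another role bound to the same subject escalate just as well, so aggregate across every ClusterRole and Role a subject holds before deciding a `bind-only` grant is harmless.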