Manage Deployments cluster-wide (potential for privileged pod execution)
Elevation of Privilege
Critical
Overview
| Field | Value |
|---|---|
| ID | 1033 |
| Name | Manage Deployments cluster-wide (potential for privileged pod execution) |
| Risk Category | Elevation of Privilege |
| Risk Level | Critical |
| Role Type | ClusterRole |
| API Groups | apps |
| Resources | deployments |
| Verbs | create, update, patch, delete |
| Tags | Persistence, PrivilegeEscalation, Tampering, WorkloadLifecycle |
Description
Allows creating, updating, patching, or deleting Deployments across all namespaces. Deployments manage pod replicas through their pod template, so this permission can be used to deploy pods with privileged settings, leading to code execution, privilege escalation, persistence, and tampering with cluster workloads.
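One way to audit for this rule, as an added example that is not part of the original catalogue or its tooling: the check below matches ClusterRole rules against the API group, resource and verbs in the table, honouring `*` wildcards, and reports only roles that a ClusterRoleBinding makes effective cluster-wide. The role names, subjects and manifests are constructed sample data, and RoleBindings (which scope a ClusterRole to one namespace) are assumed out of scope.

```python
RULE_VERBS = {"create", "update", "patch", "delete"}  # verbs listed for rule 1033

def _granted(values, wanted):
    """Subset of `wanted` present in an RBAC list; '*' grants everything."""
    values = set(values or [])
    return set(wanted) if "*" in values else values & set(wanted)

def risky_verbs(cluster_role):
    """Rule 1033 verbs a ClusterRole grants on deployments in the apps group."""
    hits = set()
    for rule in cluster_role.get("rules") or []:
        # Exact resource match: the "deployments/scale" subresource is not a hit.
        if _granted(rule.get("apiGroups"), {"apps"}) and _granted(
                rule.get("resources"), {"deployments"}):
            hits |= _granted(rule.get("verbs"), RULE_VERBS)
    return hits

def findings(cluster_roles, cluster_role_bindings):
    """Role name -> (verbs, subjects), only for roles bound cluster-wide."""
    risky = {r["metadata"]["name"]: risky_verbs(r) for r in cluster_roles}
    out = {}
    for b in cluster_role_bindings:
        name = b["roleRef"]["name"]
        if b["roleRef"]["kind"] == "ClusterRole" and risky.get(name):
            subjects = out.setdefault(name, (sorted(risky[name]), []))[1]
            subjects.extend(f'{s["kind"]}/{s["name"]}' for s in b.get("subjects") or [])
    return out

# Constructed sample manifests (hypothetical names), reduced to the fields checked.
def _role(name, groups, resources, verbs):
    return {"kind": "ClusterRole", "metadata": {"name": name},
            "rules": [{"apiGroups": groups, "resources": resources, "verbs": verbs}]}
def _binding(role, kind, subject):
    return {"kind": "ClusterRoleBinding", "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": kind, "name": subject}]}

ROLES = [
    _role("ci-deployer", ["apps"], ["deployments"], ["get", "create", "patch"]),
    _role("ops-wildcard", ["*"], ["*"], ["*"]),
    _role("autoscaler", ["apps"], ["deployments/scale"], ["update", "patch"]),
    _role("unbound-admin", ["apps"], ["deployments"], ["delete"]),
]
BINDINGS = [
    _binding("ci-deployer", "ServiceAccount", "runner"),
    _binding("ops-wildcard", "Group", "platform-ops"),
    _binding("autoscaler", "ServiceAccount", "hpa-helper"),
]
if __name__ == "__main__":
    print(findings(ROLES, BINDINGS))
```

On the sample data the wildcard role is reported with all four verbs, while the subresource-only and unbound roles are not reported.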