Manage Deployments in a namespace (potential for privileged pod execution)
Elevation of Privilege
High
Overview
| Field | Value |
|---|---|
| ID | 1034 |
| Name | Manage Deployments in a namespace (potential for privileged pod execution) |
| Risk Category | Elevation of Privilege |
| Risk Level | High |
| Role Type | Role |
| API Groups | apps |
| Resources | deployments |
| Verbs | create, update, patch, delete |
| Tags | Persistence, PotentialPrivilegeEscalation, Tampering, WorkloadLifecycle |
Description
Grants permission to create, update, patch, or delete Deployments within a specific namespace. Anyone holding it can deploy pods with privileged settings in that namespace, which can lead to privilege escalation, persistence, and tampering with applications.
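One way to audit for this permission, as an added example that is not the rule catalogue's own code: the function below scans Role objects for rules that grant any of the listed verbs on `deployments` in the `apps` API group. Treating any single listed verb and the `*` wildcard as a match is an assumption of this example, and the function names and sample Roles are constructed for illustration.

```python
# Added example: find namespaced Roles matching the rule described on this page.
WRITE_VERBS = {"create", "update", "patch", "delete"}  # verbs listed in the table

def _covers(values, wanted):
    """True if an RBAC rule list names `wanted` or uses the '*' wildcard."""
    return "*" in values or wanted in values

def risky_deployment_verbs(rule):
    """Return the listed write verbs one RBAC rule grants on apps/deployments."""
    if not _covers(rule.get("apiGroups", []), "apps"):
        return []
    # Subresources such as deployments/scale are distinct and do not match here.
    if not _covers(rule.get("resources", []), "deployments"):
        return []
    verbs = set(rule.get("verbs", []))
    return sorted(WRITE_VERBS if "*" in verbs else verbs & WRITE_VERBS)

def scan_roles(roles):
    """Return (namespace, name, verbs) for each Role that matches."""
    findings = []
    for role in roles:
        if role.get("kind") != "Role":  # the page scopes this rule to Role
            continue
        granted = set()
        for rule in role.get("rules") or []:
            granted.update(risky_deployment_verbs(rule))
        if granted:
            meta = role.get("metadata", {})
            findings.append((meta.get("namespace"), meta.get("name"), sorted(granted)))
    return findings

def _role(ns, name, groups, resources, verbs):
    """Build a constructed sample Role with a single rule."""
    return {"kind": "Role", "metadata": {"namespace": ns, "name": name},
            "rules": [{"apiGroups": groups, "resources": resources, "verbs": verbs}]}

# Constructed sample data, shaped like the items of a Role list in JSON form.
SAMPLE_ROLES = [
    _role("team-a", "deployer", ["apps"], ["deployments"], ["get", "create", "patch"]),
    _role("team-a", "viewer", ["apps"], ["deployments"], ["get", "list", "watch"]),
    _role("team-b", "ns-admin", ["*"], ["*"], ["*"]),
    _role("team-b", "scaler", ["apps"], ["deployments/scale"], ["update"]),
]

if __name__ == "__main__":
    for ns, name, verbs in scan_roles(SAMPLE_ROLES):
        print(f"{ns}/{name}: {', '.join(verbs)} on apps/deployments")
```

On a live cluster the same function can be fed the `items` array from `kubectl get roles --all-namespaces -o json`.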