Manage StatefulSets cluster-wide
Elevation of Privilege
Critical
Overview
| Field | Value |
|---|---|
| ID | 1037 |
| Name | Manage StatefulSets cluster-wide |
| Risk Category | Elevation of Privilege |
| Risk Level | Critical |
| Role Type | ClusterRole |
| API Groups | apps |
| Resources | statefulsets |
| Verbs | create, update, patch, delete |
| Tags | Persistence PrivilegeEscalation Tampering WorkloadLifecycle |
Description
Grants permission to create, update, or delete StatefulSets across all namespaces. Similar to Deployments, this can be used to deploy pods (often stateful applications) with privileged configurations, leading to privilege escalation, persistence, and tampering.