Manage CronJobs in a namespace (scheduled privileged execution, persistence)
Elevation of Privilege
High
Overview
| Field | Value |
|---|---|
| ID | 1040 |
| Name | Manage CronJobs in a namespace (scheduled privileged execution, persistence) |
| Risk Category | Elevation of Privilege |
| Risk Level | High |
| Role Type | Role |
| API Groups | batch |
| Resources | cronjobs |
| Verbs | create, update, patch, delete |
| Tags | Persistence PotentialPrivilegeEscalation Tampering WorkloadLifecycle |
Description
Grants permission to create, update, or delete CronJobs within a specific namespace. This can be used to schedule the execution of potentially privileged pods, enabling privilege escalation, persistence, and tampering within that namespace.