Manage Jobs cluster-wide (one-off privileged execution)
Elevation of Privilege
Critical
Overview
| Field | Value |
|---|---|
| ID | 1041 |
| Name | Manage Jobs cluster-wide (one-off privileged execution) |
| Risk Category | Elevation of Privilege |
| Risk Level | Critical |
| Role Type | ClusterRole |
| API Groups | batch |
| Resources | jobs |
| Verbs | create, update, patch, delete |
| Tags | PrivilegeEscalation Tampering WorkloadLifecycle |
Description
Allows creating, updating, or deleting Jobs across all namespaces. Jobs create one or more pods for batch tasks. This can be used to run a one-off pod with privileged settings, leading to code execution, privilege escalation, and tampering.