Manage Jobs in a namespace (one-off privileged execution)
Elevation of Privilege
High
Overview
| Field | Value |
|---|---|
| ID | 1042 |
| Name | Manage Jobs in a namespace (one-off privileged execution) |
| Risk Category | Elevation of Privilege |
| Risk Level | High |
| Role Type | Role |
| API Groups | batch |
| Resources | jobs |
| Verbs | create, update, patch, delete |
| Tags | PotentialPrivilegeEscalation Tampering WorkloadLifecycle |
Description
Permits creating, updating, or deleting Jobs within a specific namespace. This can be used to run a one-off pod, potentially with privileged settings, leading to code execution and potential privilege escalation within that namespace.
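A defender can check which Roles match this rule by scanning their RBAC rules for write verbs on `jobs` in the `batch` API group, including `*` wildcards. The following is an added example, not part of the original rule entry; the function names and sample roles are constructed for illustration.

```python
# Rule 1042 from the table above: write verbs on jobs in the batch API group.
API_GROUP, RESOURCE = "batch", "jobs"
WRITE_VERBS = {"create", "update", "patch", "delete"}

def risky_job_verbs(rule):
    """Return the write verbs one RBAC rule grants on batch/jobs ('*' expands)."""
    groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
    if not ({API_GROUP, "*"} & set(groups)) or not ({RESOURCE, "*"} & set(resources)):
        return set()  # subresources such as jobs/status do not match
    verbs = set(rule.get("verbs", []))
    return set(WRITE_VERBS) if "*" in verbs else verbs & WRITE_VERBS

def audit_roles(role_list):
    """Return (namespace, role, verbs) for each namespaced Role matching the rule.
    resourceNames is not evaluated, so a name-restricted rule is still reported."""
    findings = []
    for role in role_list.get("items", []):
        if role.get("kind") != "Role":  # the rule's Role Type is Role
            continue
        granted = set()
        for rule in role.get("rules") or []:
            granted |= risky_job_verbs(rule)
        if granted:
            meta = role.get("metadata", {})
            findings.append((meta.get("namespace"), meta.get("name"), sorted(granted)))
    return findings

# Constructed sample in the shape of `kubectl get roles -A -o json` output.
def _role(ns, name, groups, resources, verbs):
    return {"kind": "Role", "metadata": {"namespace": ns, "name": name},
            "rules": [{"apiGroups": groups, "resources": resources, "verbs": verbs}]}

SAMPLE = {"items": [
    _role("build", "ci-runner", ["batch"], ["jobs"], ["create", "delete"]),
    _role("build", "job-viewer", ["batch"], ["jobs"], ["get", "list", "watch"]),
    _role("dev", "ns-admin", ["*"], ["*"], ["*"]),
    _role("dev", "status-writer", ["batch"], ["jobs/status"], ["patch"]),
    _role("dev", "pod-creator", [""], ["pods"], ["create"]),
]}

if __name__ == "__main__":
    for ns, name, verbs in audit_roles(SAMPLE):
        print(f"{ns}/{name}: {', '.join(verbs)} on batch/jobs")
```

Read-only roles, subresource-only grants, and rules in other API groups are not reported; wildcard grants are reported with all four verbs.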