Create SubjectAccessReviews (check arbitrary permissions)
Information Disclosure
Medium
Overview
| Field | Value |
|---|---|
| ID | 1050 |
| Name | Create SubjectAccessReviews (check arbitrary permissions) |
| Risk Category | Information Disclosure |
| Risk Level | Medium |
| Role Type | ClusterRole |
| API Groups | authorization.k8s.io |
| Resources | subjectaccessreviews |
| Verbs | create |
| Tags | InformationDisclosure RBACQuery |
Description
Permits creating SubjectAccessReview objects, which ask the API server whether an arbitrary subject (a user, a group, or a service account, named in the request rather than taken from the caller's own credentials) is allowed to perform a given action, either cluster-wide or within a specific namespace. The response only says allowed or denied, with the authorizer's reason, but that is enough to map RBAC without any read access to roles or bindings: a holder can probe high-value identities against sensitive verbs and resources (get on secrets, create on pods/exec, impersonate, bind, escalate, create on clusterrolebindings) and learn which accounts are worth compromising and which actions they unlock. This is reconnaissance that directly supports privilege escalation, not a privilege escalation by itself. Unlike SelfSubjectAccessReview, which every authenticated user may create and which only answers for the caller (the basis of `kubectl auth can-i`), SubjectAccessReview is cluster-scoped, so the permission has to come from a ClusterRole. It is legitimately needed by components that delegate authorization to the API server, such as aggregated API servers and authorizing proxies bound to the built-in system:auth-delegator ClusterRole, so triage should confirm the grantee actually fronts an API. Each review appears in the audit log as a create on subjectaccessreviews in authorization.k8s.io, and at Request or RequestResponse audit level the requestObject carries the spec.user and spec.groups being queried, so a principal reviewing subjects other than itself is observable.
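To show what a holder of this permission can do with it, the following is an added example (not code from the original page or from the catalog's project). It builds the SubjectAccessReview bodies an attacker would submit for one service account against a short list of sensitive checks, interprets the status the API server returns, and summarises which actions are allowed. The HTTP call is abstracted behind a `submit` callable; here it is satisfied by a constructed fake authorizer so the script runs offline. The subject `system:serviceaccount:ci:builder`, the `FAKE_POLICY` contents and the `SENSITIVE_CHECKS` list are assumptions made for the example. In a real run, `submit` would POST the body to `/apis/authorization.k8s.io/v1/subjectaccessreviews` with a bearer token that holds create on subjectaccessreviews.

```python
"""Probe RBAC with SubjectAccessReview (SAR) requests and interpret the answers.

Added example, not from the original page. The API-server call is abstracted
behind a `submit` callable so the script runs offline against a constructed
fake authorizer. Subject names, policy and check list are assumptions.
"""
from typing import Callable, Dict, List, Tuple

# Checks an attacker with this permission would run first; each grants a known
# path to secrets, code execution or further RBAC changes. Constructed list,
# not exhaustive. Tuple layout: (verb, apiGroup, resource, subresource).
SENSITIVE_CHECKS: List[Tuple[str, str, str, str]] = [
    ("get", "", "secrets", ""),
    ("list", "", "secrets", ""),
    ("create", "", "pods", "exec"),
    ("create", "", "pods", ""),
    ("create", "", "serviceaccounts", "token"),
    ("impersonate", "", "users", ""),
    ("bind", "rbac.authorization.k8s.io", "clusterroles", ""),
    ("escalate", "rbac.authorization.k8s.io", "clusterroles", ""),
    ("create", "rbac.authorization.k8s.io", "clusterrolebindings", ""),
    ("patch", "apps", "daemonsets", ""),
]


def service_account_subject(namespace: str, name: str) -> Tuple[str, List[str]]:
    """Username and the groups the API server attaches to a service account."""
    user = f"system:serviceaccount:{namespace}:{name}"
    groups = ["system:serviceaccounts", f"system:serviceaccounts:{namespace}",
              "system:authenticated"]
    return user, groups


def build_sar(user: str, groups: List[str], verb: str, group: str, resource: str,
              subresource: str = "", namespace: str = "") -> Dict:
    """Build the SubjectAccessReview body. No namespace means cluster scope."""
    attrs = {"verb": verb, "group": group, "resource": resource}
    if subresource:
        attrs["subresource"] = subresource
    if namespace:
        attrs["namespace"] = namespace
    return {
        "apiVersion": "authorization.k8s.io/v1",
        "kind": "SubjectAccessReview",
        "spec": {"user": user, "groups": groups, "resourceAttributes": attrs},
    }


def interpret(sar_response: Dict) -> Tuple[bool, str]:
    """Reduce .status to (allowed, reason). allowed=false with denied=false is
    'no opinion', which the API server treats as a deny, so only allowed counts."""
    status = sar_response.get("status", {})
    if status.get("evaluationError"):
        return False, "evaluationError: " + status["evaluationError"]
    return bool(status.get("allowed")), status.get("reason", "")


def probe(submit: Callable[[Dict], Dict], user: str, groups: List[str],
          namespace: str = "") -> List[Tuple[str, bool, str]]:
    """Run every sensitive check for one subject; returns (label, allowed, reason)."""
    results = []
    for verb, group, resource, sub in SENSITIVE_CHECKS:
        body = build_sar(user, groups, verb, group, resource, sub, namespace)
        allowed, reason = interpret(submit(body))
        label = f"{verb} {group + '/' if group else ''}{resource}{'/' + sub if sub else ''}"
        results.append((label, allowed, reason))
    return results


def allowed_labels(results: List[Tuple[str, bool, str]]) -> List[str]:
    """The actions the subject is allowed to perform, in check order."""
    return [label for label, ok, _ in results if ok]


# --- constructed fake authorizer standing in for the API server ---------------
# subject -> set of (namespace, verb, group, resource, subresource) it may do
FAKE_POLICY = {
    "system:serviceaccount:ci:builder": {
        ("ci", "get", "", "secrets", ""),
        ("ci", "create", "", "pods", "exec"),
    },
}


def fake_submit(body: Dict) -> Dict:
    """Answer a SAR the way the API server would, from FAKE_POLICY."""
    a = body["spec"]["resourceAttributes"]
    key = (a.get("namespace", ""), a["verb"], a["group"], a["resource"],
           a.get("subresource", ""))
    allowed = key in FAKE_POLICY.get(body["spec"]["user"], set())
    answered = dict(body)
    answered["status"] = {"allowed": allowed,
                          "reason": "RBAC: allowed by fake policy" if allowed else ""}
    return answered


if __name__ == "__main__":
    user, groups = service_account_subject("ci", "builder")
    for scope in ("ci", ""):
        hits = allowed_labels(probe(fake_submit, user, groups, scope))
        print(f"{user} in {scope or '<cluster>'}: {hits}")
```

Swap `fake_submit` for a function that POSTs the body and returns the decoded JSON and the same loop enumerates a real cluster; running it across every service account in a namespace is exactly the reconnaissance the description warns about, and every iteration leaves a create-on-subjectaccessreviews audit event.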