Create LocalSubjectAccessReviews (check permissions in a namespace)
Information Disclosure
Low
Overview
| Field | Value |
|---|---|
| ID | 1051 |
| Name | Create LocalSubjectAccessReviews (check permissions in a namespace) |
| Risk Category | Information Disclosure |
| Risk Level | Low |
| Role Type | Role |
| API Groups | authorization.k8s.io |
| Resources | localsubjectaccessreviews |
| Verbs | create |
| Tags | InformationDisclosure RBACQuery |
Description
Allows submitting LocalSubjectAccessReview requests to check if an arbitrary user, group, or service account has specific permissions within a particular namespace. This aids in reconnaissance of RBAC permissions within a limited scope.