Create CertificateSigningRequests
Spoofing
Medium
Overview
| Field | Value |
|---|---|
| ID | 1053 |
| Name | Create CertificateSigningRequests |
| Risk Category | Spoofing |
| Risk Level | Medium |
| Role Type | ClusterRole |
| API Groups | certificates.k8s.io |
| Resources | certificatesigningrequests |
| Verbs | create |
| Tags | CSRCreation PotentialPrivilegeEscalation Spoofing |
Description
Allows creating CertificateSigningRequests. While creating a CSR itself isn’t immediately dangerous, if an overly permissive or automated signer approves it, it can lead to the issuance of a certificate with unintended privileges, facilitating spoofing or potential privilege escalation.