Wildcard permission on all resources in a namespace (Namespace Admin)
Elevation of Privilege
Critical
Overview
| Field | Value |
|---|---|
| ID | 1061 |
| Name | Wildcard permission on all resources in a namespace (Namespace Admin) |
| Risk Category | Elevation of Privilege |
| Risk Level | Critical |
| Role Type | Role |
| API Groups | * |
| Resources | * |
| Verbs | * |
| Tags | DenialOfService InformationDisclosure NamespaceAdmin PotentialPrivilegeEscalation Spoofing (+2 more) |
Description
Grants unrestricted, wildcard (’*’) access to all API groups, resources, and verbs within a specific namespace. This provides full administrative control over that namespace and can often be leveraged to escalate privileges to cluster-wide admin depending on the cluster configuration and installed operators.