Manage ServiceAccounts in a namespace
Elevation of Privilege
Medium
Overview
| Field | Value |
|---|---|
| ID | 1068 |
| Name | Manage ServiceAccounts in a namespace |
| Risk Category | Elevation of Privilege |
| Risk Level | Medium |
| Role Type | Role |
| API Groups | core |
| Resources | serviceaccounts |
| Verbs | create, update, patch, delete |
| Tags | IdentityManagement PotentialPrivilegeEscalation Tampering |
Description
Allows creating, updating, or deleting ServiceAccounts within a specific namespace. This can be used to create SAs within the namespace, which could then be bound to roles for privilege escalation within or from that namespace.