Manage NetworkPolicies cluster-wide
NetworkManipulation
Critical
Overview
| Field | Value |
|---|---|
| ID | 1071 |
| Name | Manage NetworkPolicies cluster-wide |
| Risk Category | NetworkManipulation |
| Risk Level | Critical |
| Role Type | ClusterRole |
| API Groups | networking.k8s.io |
| Resources | networkpolicies |
| Verbs | create, update, patch, delete |
| Tags | DenialOfService, LateralMovement, NetworkManipulation, NetworkPolicyManagement, Tampering |
Description
Allows creating, modifying, or deleting NetworkPolicies in any namespace. This can be used to disable network segmentation, allow/deny traffic to sensitive pods, or isolate critical components, leading to information disclosure, lateral movement, or denial of service.
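One way to audit for this permission, as an added example that is not part of the rule catalog's own tooling: the function below scans ClusterRole objects for rules that grant any of the listed verbs on `networkpolicies` in `networking.k8s.io`. It goes slightly beyond the table by also treating the RBAC wildcard `*` as a match; flagging on any single verb is an assumption, and the role names in the sample are constructed.

```python
# Added example: flag ClusterRoles that can write NetworkPolicies cluster-wide.
API_GROUP = "networking.k8s.io"
RESOURCE = "networkpolicies"
WRITE_VERBS = {"create", "update", "patch", "delete"}

def risky_verbs(rule):
    """Return the NetworkPolicy write verbs granted by one RBAC rule."""
    # "*" is the RBAC wildcard and matches every group, resource or verb.
    if not ({API_GROUP, "*"} & set(rule.get("apiGroups") or [])):
        return set()
    if not ({RESOURCE, "*"} & set(rule.get("resources") or [])):
        return set()
    verbs = set(rule.get("verbs") or [])
    return set(WRITE_VERBS) if "*" in verbs else WRITE_VERBS & verbs

def find_risky_clusterroles(role_list):
    """Map ClusterRole name -> sorted write verbs it grants on NetworkPolicies."""
    findings = {}
    for item in role_list.get("items", []):
        if item.get("kind") != "ClusterRole":
            continue
        granted = set()
        # "rules" may be null or absent (e.g. an empty role), hence "or []".
        for rule in item.get("rules") or []:
            granted |= risky_verbs(rule)
        if granted:
            findings[item["metadata"]["name"]] = sorted(granted)
    return findings

def _role(name, rules):
    return {"kind": "ClusterRole", "metadata": {"name": name}, "rules": rules}

# Constructed sample in the shape of `kubectl get clusterroles -o json`.
SAMPLE = {"kind": "List", "items": [
    _role("netpol-admin", [{"apiGroups": ["networking.k8s.io"],
        "resources": ["networkpolicies"],
        "verbs": ["create", "update", "patch", "delete"]}]),
    _role("netpol-viewer", [{"apiGroups": ["networking.k8s.io"],
        "resources": ["networkpolicies"], "verbs": ["get", "list", "watch"]}]),
    _role("wildcard-ops", [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]),
    _role("patch-only", [{"apiGroups": ["networking.k8s.io"],
        "resources": ["networkpolicies", "ingresses"], "verbs": ["get", "patch"]}]),
    _role("aggregate-empty", None),
    _role("core-pods", [{"apiGroups": [""], "resources": ["pods"], "verbs": ["delete"]}]),
]}

if __name__ == "__main__":
    for name, verbs in find_risky_clusterroles(SAMPLE).items():
        print(f"{name}: {', '.join(verbs)}")
```

A flagged ClusterRole only takes effect in every namespace once a ClusterRoleBinding references it, so follow up each finding by reviewing the bindings and subjects attached to that role.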