Manage Endpoints or EndpointSlices cluster-wide
NetworkManipulation
Critical
Overview
| Field | Value |
|---|---|
| ID | 1073 |
| Name | Manage Endpoints or EndpointSlices cluster-wide |
| Risk Category | NetworkManipulation |
| Risk Level | Critical |
| Role Type | ClusterRole |
| API Groups | core, discovery.k8s.io |
| Resources | endpoints, endpointslices |
| Verbs | create, update, patch, delete, get, list |
| Tags | DenialOfService ManInTheMiddle NetworkManipulation Tampering TrafficRedirection |
Description
Allows creating, updating, or deleting Endpoints/EndpointSlices for services across all namespaces. This can be used to redirect traffic intended for legitimate services to malicious pods (Man-in-the-Middle), cause denial of service, or bypass network policies.