Manage PodDisruptionBudgets cluster-wide

Overview

Field	Value
ID	1079
Name	Manage PodDisruptionBudgets cluster-wide
Risk Category	Denial of Service
Risk Level	Medium
Role Type	ClusterRole
API Groups	policy
Resources	poddisruptionbudgets
Verbs	create, update, patch, delete
Tags	AvailabilityImpact DenialOfService Tampering

Description

Allows creating, updating, or deleting PodDisruptionBudgets (PDBs) cluster-wide. Maliciously configured PDBs (e.g., setting maxUnavailable to 0 for critical components) can prevent voluntary disruptions, or conversely, allow too many disruptions, leading to denial of service or impacting application availability.