Property
Language: terraform
Severity: critical

Description

Roles or cluster roles are granted permissions to manage the ‘aws-auth’ ConfigMap in EKS, which allows modification of the IAM-to-Kubernetes RBAC mappings. This exposes critical access controls to unauthorized changes.

Impact

Exploiting this vulnerability could let attackers escalate privileges, granting themselves or others admin-level access to the Kubernetes cluster by altering RBAC bindings. This compromises cluster security and could lead to full environment takeover.
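
The pattern described above, shown as an added example that is not taken from the rule's own documentation: a role with write access to ‘aws-auth’ next to a read-only alternative. It assumes the Terraform Kubernetes provider's `kubernetes_role` resource; the role names are hypothetical, and the exact set of verbs the rule matches is an assumption.

```terraform
# Constructed example; resource and role names are hypothetical.

# Risky: write verbs on aws-auth let the role holder change which IAM
# principals map to which Kubernetes users and groups.
resource "kubernetes_role" "aws_auth_editor" {
  metadata {
    name      = "aws-auth-editor"
    namespace = "kube-system" # aws-auth lives in kube-system on EKS
  }

  rule {
    api_groups     = [""]
    resources      = ["configmaps"]
    resource_names = ["aws-auth"]
    verbs          = ["get", "update", "patch", "delete"]
  }
}

# Safer: read-only access scoped to the single ConfigMap, enough to audit
# the current mappings without being able to change them.
resource "kubernetes_role" "aws_auth_viewer" {
  metadata {
    name      = "aws-auth-viewer"
    namespace = "kube-system"
  }

  rule {
    api_groups     = [""]
    resources      = ["configmaps"]
    resource_names = ["aws-auth"]
    verbs          = ["get"]
  }
}
```

A rule on `configmaps` in `kube-system` that omits `resource_names`, or that uses `"*"` for resources or verbs, also covers ‘aws-auth’ and deserves the same review.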