Do not allow a role to create ClusterRoleBindings and associate them with a privileged role
| Property | |
|---|---|
| Language | |
| Severity | |
Description
The role configuration allows users to create ClusterRoleBindings and associate them with any privileged ClusterRole, granting broad and potentially dangerous permissions across the cluster. This setup enables escalation of privileges beyond intended access controls.
Impact
If exploited, an attacker could bind themselves or others to highly privileged cluster roles, potentially gaining full administrative control over the Kubernetes cluster. This could lead to unauthorized access, data breaches, or disruption of services.
Resolution
Create a role that does not permit creating ClusterRoleBindings and associating them with a privileged ClusterRole.
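The following Python check is an added example, not part of the original rule page or of any scanner's own code. It flags a role whose rules allow `create` on `clusterrolebindings` together with `bind` on a privileged ClusterRole, the verb Kubernetes requires before a subject may reference a role it does not already hold. The `PRIVILEGED` set, the helper names and the sample role names are assumptions, and manifests are taken as dicts in the shape `kubectl get clusterrole -o json` returns.

```python
RBAC_GROUP = "rbac.authorization.k8s.io"
# Assumption: which ClusterRoles count as privileged is a local policy choice.
PRIVILEGED = {"cluster-admin", "admin", "edit"}

def _has(values, wanted):
    """True if an RBAC rule list names `wanted` or uses the '*' wildcard."""
    return "*" in values or wanted in values

def _grants(rule, verb, resource):
    return (_has(rule.get("apiGroups", []), RBAC_GROUP)
            and _has(rule.get("resources", []), resource)
            and _has(rule.get("verbs", []), verb))

def can_bind_privileged(role):
    """Flag a role that can create ClusterRoleBindings to a privileged ClusterRole."""
    rules = role.get("rules") or []
    if not any(_grants(r, "create", "clusterrolebindings") for r in rules):
        return False
    for r in rules:
        if _grants(r, "bind", "clusterroles"):
            names = set(r.get("resourceNames") or [])
            # No resourceNames: bind applies to every ClusterRole.
            if not names or names & PRIVILEGED:
                return True
    # create without bind only allows bindings to roles whose permissions
    # the subject already holds, so it is not reported here.
    return False

def _role(name, *rules):
    return {"kind": "ClusterRole", "metadata": {"name": name}, "rules": list(rules)}

def _rule(resources, verbs, groups=(RBAC_GROUP,), names=None):
    rule = {"apiGroups": list(groups), "resources": resources, "verbs": verbs}
    if names:
        rule["resourceNames"] = names
    return rule

# Constructed sample manifests (hypothetical role names).
RISKY = _role("binding-manager", _rule(["clusterrolebindings"], ["create"]),
              _rule(["clusterroles"], ["bind"]))
WILDCARD = _role("everything", _rule(["*"], ["*"], groups=("*",)))
SCOPED = _role("view-granter", _rule(["clusterrolebindings"], ["create"]),
               _rule(["clusterroles"], ["bind"], names=["view"]))
READ_ONLY = _role("binding-reader", _rule(["clusterrolebindings"], ["get", "list"]))

if __name__ == "__main__":
    for role in (RISKY, WILDCARD, SCOPED, READ_ONLY):
        print(role["metadata"]["name"], "->", can_bind_privileged(role))
```

`SCOPED` shows one shape a compliant role can take: `bind` restricted through `resourceNames` to a non-privileged ClusterRole.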