Property
Language: terraform
Severity: critical
Vulnerability Type: omission

Description

Granting write permissions (such as create, update, or delete) on the Kubernetes ‘roles’ or ‘rolebindings’ resources gives the subject access equivalent to cluster-admin: a subject that can create or modify roles and role bindings can grant itself, or anyone else, any permission within the scope of those resources. This allows broad and unrestricted management of access controls within the cluster.

Impact

If exploited, attackers or unauthorized users could escalate privileges, modify or assign roles, and gain full control over the Kubernetes cluster, leading to potential data breaches, service disruptions, or complete compromise of workloads and sensitive resources.

Resolution

Remove write permission verbs for the ‘roles’ and ‘rolebindings’ resources.
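The following is an added example, not configuration from the original rule page, showing the weak setting the Description refers to beside the corrected form the Resolution asks for. It uses the `kubernetes_role` resource of the hashicorp/kubernetes Terraform provider; the role names and the `example` namespace are assumed.

```hcl
# Added example, not from the original rule page. Uses the hashicorp/kubernetes
# Terraform provider's kubernetes_role resource; names and namespace are assumed.

# Weak: the role may create, update, and delete roles and rolebindings in its
# namespace, so any subject bound to it can rewrite the namespace's access
# controls, including granting itself further permissions.
resource "kubernetes_role" "rbac_editor_weak" {
  metadata {
    name      = "rbac-editor"
    namespace = "example"
  }

  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["roles", "rolebindings"]
    verbs      = ["get", "list", "watch", "create", "update", "delete"]
  }
}

# Fixed: only read-only verbs remain on roles and rolebindings. A wildcard
# such as verbs = ["*"] would reintroduce the write verbs and is not used.
resource "kubernetes_role" "rbac_viewer" {
  metadata {
    name      = "rbac-viewer"
    namespace = "example"
  }

  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["roles", "rolebindings"]
    verbs      = ["get", "list", "watch"]
  }
}
```

When reviewing a module, check every `rule` block whose `resources` list contains `roles` or `rolebindings` (and any `kubernetes_cluster_role` equivalent) for `create`, `update`, `patch`, `delete`, or the `*` wildcard in `verbs`; the read-only verbs `get`, `list`, and `watch` are the only ones that should remain unless the role is intentionally an RBAC administration role.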