Property
Language: terraform
Severity: high

Description

The role is configured to allow the creation of role bindings and association with privileged roles or cluster roles, granting excessive permissions that can be abused to escalate privileges within the Kubernetes cluster.

Impact

If exploited, attackers could bind themselves or others to highly privileged roles, gaining unauthorized access and control over cluster resources, potentially leading to data breaches, service disruption, or full cluster compromise.

Resolution

Create a role that does not permit the creation of role bindings and association with privileged cluster roles.
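The weak configuration beside a corrected one, as an added example that is not part of the rule's own documentation. It assumes the finding corresponds to a `kubernetes_role` that grants `create` on `rolebindings` together with the `bind` verb on roles or cluster roles; the resource names and the `team-a` namespace are hypothetical.

```terraform
# Added example (not from the rule's documentation).
# Resource names and the "team-a" namespace are hypothetical.

# Weak: subjects of this role can create role bindings AND hold the
# "bind" verb on cluster roles. Kubernetes normally refuses to let a user
# bind a role whose permissions they do not already hold; "bind" lifts
# that check, so any ClusterRole, including highly privileged ones, can
# be granted inside the namespace.
resource "kubernetes_role" "binding_manager_weak" {
  metadata {
    name      = "binding-manager"
    namespace = "team-a"
  }

  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["rolebindings"]
    verbs      = ["create"]
  }

  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["clusterroles"]
    verbs      = ["bind"]
  }
}

# Corrected: read-only visibility into bindings. No "create" on
# rolebindings and no "bind" on roles or cluster roles.
resource "kubernetes_role" "binding_viewer" {
  metadata {
    name      = "binding-viewer"
    namespace = "team-a"
  }

  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["rolebindings"]
    verbs      = ["get", "list", "watch"]
  }
}
```

If a team genuinely needs to delegate bindings, keep the `bind` rule but scope it with `resource_names` to specific low-privilege roles rather than leaving it open to every role or cluster role.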