# Do not allow users in a rolebinding to add other users to their rolebindings

| Property | Value |
|---|---|
| Language | |
| Severity | |
## Description
The role configuration allows users associated with a rolebinding to modify rolebindings, enabling them to add or remove users from privileged roles. This grants users the ability to escalate privileges by altering access controls.
## Impact
If exploited, users could assign themselves or others elevated permissions, potentially leading to unauthorized access, privilege escalation, and compromise of sensitive resources within the Kubernetes cluster.
## Resolution

Unless the permission is genuinely required, create a role that does not permit users in a rolebinding to add other users to their rolebindings.
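As an added example (not part of the original page), the check below flags Role or ClusterRole rules that let a subject modify rolebindings, and compares a weak role against its corrected form. The two manifests are constructed inline as Python dicts; the role and namespace names are placeholders.

```python
# Added example: flag Kubernetes Role/ClusterRole rules that let a subject edit
# rolebindings (and so add themselves or others to privileged roles).
# Manifests are constructed inline; this is not the page's own code.

RBAC_GROUP = "rbac.authorization.k8s.io"
BINDING_RESOURCES = {"rolebindings", "clusterrolebindings", "*"}
# Verbs that change who is bound to a role. "bind" and "escalate" are the
# RBAC-specific verbs that bypass the API server's normal escalation checks.
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection",
               "bind", "escalate", "*"}


def risky_rules(role):
    """Return the rules in a Role/ClusterRole that permit editing rolebindings."""
    findings = []
    for rule in role.get("rules", []):
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        if not (groups & {RBAC_GROUP, "*"}):
            continue          # rule does not touch the RBAC API group
        if not (resources & BINDING_RESOURCES):
            continue          # rule does not touch binding resources
        if verbs & WRITE_VERBS:
            findings.append(rule)
    return findings


# Constructed sample: the weak role grants update/patch on rolebindings ...
WEAK_ROLE = {
    "kind": "Role",
    "metadata": {"name": "team-admin", "namespace": "dev"},  # placeholders
    "rules": [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]},
        {"apiGroups": [RBAC_GROUP], "resources": ["rolebindings"],
         "verbs": ["get", "update", "patch"]},
    ],
}
# ... and the corrected role keeps rolebindings read-only.
FIXED_ROLE = {
    "kind": "Role",
    "metadata": {"name": "team-admin", "namespace": "dev"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]},
        {"apiGroups": [RBAC_GROUP], "resources": ["rolebindings"],
         "verbs": ["get", "list"]},
    ],
}

if __name__ == "__main__":
    for role in (WEAK_ROLE, FIXED_ROLE):
        hits = risky_rules(role)
        print(role["metadata"]["name"], "RISKY" if hits else "ok", hits)
```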