TF 0103 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Do not allow role to create ClusterRoleBindings and association with privileged role

Property Value
Language terraform
Severity high

Description

The role configuration allows users to create ClusterRoleBindings and associate them with any privileged ClusterRole, granting broad and potentially dangerous permissions across the cluster. This setup enables escalation of privileges beyond intended access controls.

Impact

If exploited, an attacker could bind themselves or others to highly privileged cluster roles, potentially gaining full administrative control over the Kubernetes cluster. This could lead to unauthorized access, data breaches, or disruption of services.

Resolution

Create a role that does not permit creating ClusterRoleBindings and associating them with a privileged ClusterRole.
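A Terraform sketch of the pattern described above beside two roles that follow the resolution. This is an added example, not taken from the rule's own documentation. It assumes the hashicorp/kubernetes provider's `kubernetes_cluster_role` resource; all resource and role names are hypothetical, and the page does not list the exact fields the rule matches.

```terraform
# Added example; names are hypothetical.

# Weak: holders can create ClusterRoleBindings and "bind" any ClusterRole,
# so they can bind themselves or others to a privileged role.
resource "kubernetes_cluster_role" "binding_manager_weak" {
  metadata {
    name = "binding-manager-weak"
  }
  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["clusterrolebindings"]
    verbs      = ["create"]
  }
  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["clusterroles"]
    verbs      = ["bind"] # no resource_names: applies to every ClusterRole
  }
}

# Hardened: read-only view of RBAC objects, no "create" and no "bind".
resource "kubernetes_cluster_role" "rbac_auditor" {
  metadata {
    name = "rbac-auditor"
  }
  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["clusterrolebindings", "clusterroles"]
    verbs      = ["get", "list", "watch"]
  }
}

# If delegation is required, keep it namespaced and pin "bind" to a single
# non-privileged role ("view" is an assumed choice).
resource "kubernetes_role" "view_delegator" {
  metadata {
    name      = "view-delegator"
    namespace = "team-a" # hypothetical namespace
  }
  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["rolebindings"]
    verbs      = ["create"]
  }
  rule {
    api_groups     = ["rbac.authorization.k8s.io"]
    resources      = ["clusterroles"]
    verbs          = ["bind"]
    resource_names = ["view"]
  }
}
```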