TF 0408 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Do not allow role binding creation and association with privileged role/clusterrole

| Property | Value |
|---|---|
| Language | terraform |
| Severity | high |

Description

The role is configured to allow the creation of role bindings and association with privileged roles or cluster roles, granting excessive permissions that can be abused to escalate privileges within the Kubernetes cluster.

Impact

If exploited, attackers could bind themselves or others to highly privileged roles, gaining unauthorized access and control over cluster resources, potentially leading to data breaches, service disruption, or full cluster compromise.

Resolution

Create a role that does not permit creating role bindings or binding subjects to privileged cluster roles.
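As an added example (not code from the wiki page or the vulnerability database), a Terraform `kubernetes_role` that matches this finding is shown next to a hardened version; the role names and the namespace are placeholders.

```hcl
# Vulnerable: a namespaced Role that may create RoleBindings and bind them
# to any ClusterRole (cluster-admin included). Holding this Role is enough
# to reach any set of permissions that exists in the cluster.
resource "kubernetes_role" "vulnerable" {
  metadata {
    name      = "example-rolebinding-manager" # placeholder name
    namespace = "example-ns"                  # placeholder namespace
  }

  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["rolebindings"]
    verbs      = ["create"]
  }

  # The "bind" verb lets the subject reference roles whose permissions it
  # does not hold itself; without resource_names it covers every ClusterRole.
  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["clusterroles"]
    verbs      = ["bind"]
  }
}

# Hardened: the same Role without binding-creation or bind rights. The
# subject can inspect RBAC objects in the namespace but cannot create or
# change bindings, so it cannot grant itself or others extra permissions.
resource "kubernetes_role" "hardened" {
  metadata {
    name      = "example-rbac-reader" # placeholder name
    namespace = "example-ns"          # placeholder namespace
  }

  rule {
    api_groups = ["rbac.authorization.k8s.io"]
    resources  = ["roles", "rolebindings"]
    verbs      = ["get", "list", "watch"]
  }
}
```

If a workload genuinely has to create RoleBindings, scope the `bind` rule with `resource_names` to the specific non-privileged roles it may reference rather than leaving it open to all cluster roles.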