RBAC Roles Allow Privilege Escalation
- Query id: 8320826e-7a9c-4b0b-9535-578333193432
- Query name: RBAC Roles Allow Privilege Escalation
- Platform: Kubernetes
- Severity: Medium
- Category: Access Control
- URL: Github
Description¶
Roles or ClusterRoles with RBAC permissions 'bind' or 'escalate' allow subjects to create new bindings with other roles. This is dangerous, as users with these privileges can bind to roles that may exceed their own privileges
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rbac-binder
rules:
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterroles"]
verbs: ["bind"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterrolebindings"]
verbs: ["create"]