
Cluster-admin binding

Info

ID: MS-TA9019
Tactic: Privilege Escalation
MITRE technique: T1078.003

Role-based access control (RBAC) is the primary authorization mechanism in Kubernetes: Roles and ClusterRoles define which verbs are allowed on which resources, and RoleBindings and ClusterRoleBindings grant those rules to users, groups and service accounts. cluster-admin is a built-in ClusterRole whose rules allow every verb on every resource and non-resource URL, i.e. unrestricted access to the cluster. An attacker whose identity can create RoleBindings or ClusterRoleBindings can bind themselves, or an identity they control, to cluster-admin or to another highly privileged role and inherit its permissions. A ClusterRoleBinding to cluster-admin grants that access cluster-wide; a RoleBinding that references cluster-admin grants it within the binding's namespace only. Kubernetes does limit this path: the API server refuses to create or update a binding unless the caller already holds every permission in the referenced role (at the same scope) or has the `bind` verb on that role, so the technique requires an identity that is already effectively admin, or one that has been granted `bind` (or `escalate`, which likewise bypasses the check when writing roles).

Mitigations

ID: MS-M9003
Mitigation: Adhere to least-privilege principle
Description: Review privileged RoleBindings and ClusterRoleBindings and the RBAC rules behind them; restrict the ability to create or modify RoleBindings and ClusterRoleBindings, and the `bind` and `escalate` verbs, to the few identities that actually need them.
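The following audit script is an added example, not part of the Microsoft threat matrix or of any Kubernetes tooling. It covers both the technique above and the MS-M9003 review: given RBAC objects shaped like the output of `kubectl get clusterroles,roles,clusterrolebindings,rolebindings -A -o json`, it reports every subject bound to cluster-admin (or to a role with an equivalent `*`/`*` rule), with the scope of that binding, and separately every subject that could perform this technique because its role lets it create or modify bindings or holds the `bind`/`escalate` verbs. All names, namespaces and subjects in the sample are constructed.

```python
"""Audit Kubernetes RBAC for cluster-admin bindings and for identities able to create them."""
import json

# Constructed sample, shaped like the output of
#   kubectl get clusterroles,roles,clusterrolebindings,rolebindings -A -o json
# Every name, namespace and subject below is hypothetical.
SAMPLE = {"apiVersion": "v1", "kind": "List", "items": [
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
               {"nonResourceURLs": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "binding-manager"},
     "rules": [{"apiGroups": ["rbac.authorization.k8s.io"],
                "resources": ["rolebindings", "clusterrolebindings"],
                "verbs": ["create", "update"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "build"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "rbac-ops"},
     "roleRef": {"kind": "ClusterRole", "name": "binding-manager"},
     "subjects": [{"kind": "User", "name": "ops@example.com"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "readers"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
    # A namespaced RoleBinding to cluster-admin: unrestricted, but only inside "dev".
    {"kind": "RoleBinding", "metadata": {"name": "dev-admin", "namespace": "dev"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
]}

BINDING_RESOURCES = {"rolebindings", "clusterrolebindings"}
ROLE_RESOURCES = {"roles", "clusterroles"}
WRITE_VERBS = {"create", "update", "patch"}
ESCALATION_VERBS = {"bind", "escalate"}


def load_objects(text):
    """Parse `kubectl ... -o json` output and return its item list."""
    return json.loads(text)["items"]


def _grants(rule, resources, verbs):
    """True when `rule` allows any of `verbs` on any of `resources`, honouring '*'."""
    r, v = set(rule.get("resources", [])), set(rule.get("verbs", []))
    return bool(("*" in r or r & resources) and ("*" in v or v & verbs))


def role_is_admin_equivalent(role):
    """cluster-admin itself, or any role carrying a '*' verbs on '*' resources rule."""
    if role["metadata"]["name"] == "cluster-admin":
        return True
    return any(_grants(rule, {"*"}, {"*"}) for rule in role.get("rules", []))


def role_can_write_bindings(role):
    """True when the role lets its holder create/modify (Cluster)RoleBindings, or
    holds bind/escalate on roles, which bypasses RBAC's escalation check."""
    return any(_grants(rule, BINDING_RESOURCES, WRITE_VERBS)
               or _grants(rule, ROLE_RESOURCES, ESCALATION_VERBS)
               for rule in role.get("rules", []))


def subject_id(subject):
    """Stable label for a binding subject; service accounts carry their namespace."""
    if subject["kind"] == "ServiceAccount":
        return f"ServiceAccount:{subject.get('namespace', '')}/{subject['name']}"
    return f"{subject['kind']}:{subject['name']}"


def audit(items):
    """Return subjects bound to admin-equivalent roles and subjects able to bind them.

    Each entry is (subject, scope) where scope is "cluster" for a ClusterRoleBinding
    or the namespace for a RoleBinding.
    """
    roles = {(o["kind"], o["metadata"].get("namespace", ""), o["metadata"]["name"]): o
             for o in items if o["kind"] in ("ClusterRole", "Role")}
    admin_subjects, can_escalate = set(), set()
    for b in items:
        if b["kind"] not in ("ClusterRoleBinding", "RoleBinding"):
            continue
        ref = b["roleRef"]
        # A RoleBinding may reference a namespaced Role; ClusterRoles carry no namespace.
        ns = b["metadata"].get("namespace", "") if ref["kind"] == "Role" else ""
        role = roles.get((ref["kind"], ns, ref["name"]))
        if role is None:  # dangling roleRef grants nothing
            continue
        scope = b["metadata"].get("namespace") or "cluster"
        subjects = {(subject_id(s), scope) for s in b.get("subjects", [])}
        if role_is_admin_equivalent(role):
            admin_subjects |= subjects
        elif role_can_write_bindings(role):
            can_escalate |= subjects
    return {"admin_subjects": sorted(admin_subjects), "can_escalate": sorted(can_escalate)}


if __name__ == "__main__":
    report = audit(SAMPLE["items"])
    for key, rows in report.items():
        print(key)
        for subject, scope in rows:
            print(f"  {subject} ({scope})")
```

Subjects in `admin_subjects` already hold unrestricted access; those in `can_escalate` are the ones this technique starts from, and each should be justified or have the binding-write or `bind`/`escalate` permission removed. Replace `SAMPLE` with `load_objects()` over real `kubectl` output; namespaced Roles with wildcard rules or binding-write permissions are flagged the same way, at namespace scope.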