Cluster-admin binding
Info
ID: MS-TA9019
Tactic: Privilege Escalation
MITRE technique: T1078.003
Role-based access control (RBAC) is a key security feature in Kubernetes. RBAC can restrict the allowed actions of the various identities in the cluster. Cluster-admin is a built-in high privileged role in Kubernetes. Attackers who have permissions to create bindings and cluster-bindings in the cluster can create a binding to the cluster-admin ClusterRole or to other high privileges roles.
Mitigations
| ID | Mitigation | Description |
|---|---|---|
| MS-M9003 | Adhere to least-privilege principle | Review privileged role binding and RBAC settings, restrict permissions to configure rolebinding and clusterrolebinding. |