services / Azure / Kubernetes ClusterRoleBindings
A ClusterRoleBinding is a cluster-scoped Kubernetes RBAC object that binds a subject (user, group, or service account) to a ClusterRole, granting that subject the role's permissions across the entire cluster.
ClusterRoleBindings are the core cluster-wide access-control bindings of Kubernetes (the analog of Azure roleAssignments). Because they can confer cluster-admin, the asset is cluster-wide identity and access-control data.
Microsoft.ContainerService/aiManagers/rbac.authorization.k8s.io/clusterrolebindings/delete
Deleting a ClusterRoleBinding destroys a cluster-wide access-control binding, stripping legitimate principals (including defenders) of their access while tearing down grants that would otherwise constrain the attacker.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, may allow interruption of critical organizational services, or, if exploited, could lead to significant privilege escalation.
Contributed by P0 Security