services / Azure / AKS Fleet Manager fleet
An AKS Fleet (Fleet Manager) is a multi-cluster management/orchestration hub that groups and coordinates updates and configuration across member AKS clusters, optionally hosting a managed hub cluster.
Governs centralized orchestration across multiple member AKS clusters.
Microsoft.ContainerService/fleets/listCredentials/action
Returns the fleet hub kubeconfig credential, exporting reusable secret material that grants administrative Kubernetes API access to the fleet and pivots into orchestration across its member clusters.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog