services / Azure / Kubernetes ConfigMaps

Kubernetes ConfigMap objects within a Fleet member cluster. ConfigMaps store non-confidential application and cluster configuration as key-value data consumed by workloads.

Although intended for non-secret config, ConfigMaps very frequently contain sensitive values (connection strings, endpoints, tokens, and misplaced credentials), so they are treated as sensitive configuration data.


Microsoft.ContainerService/fleets/members/configmaps/delete

Deleting ConfigMaps destroys configuration data that workloads depend on, erasing operational config and breaking dependent pods (crash-loops / failed starts).

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https://azure.permissions.cloud/iam/Microsoft.ContainerService
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog