services / Azure / Kubernetes ConfigMaps
Kubernetes ConfigMap objects within a Fleet member cluster. ConfigMaps store non-confidential application and cluster configuration as key-value data consumed by workloads.
Although ConfigMaps are intended for non-secret configuration, they very frequently contain sensitive values (connection strings, endpoints, tokens, and misplaced credentials), so they are treated as sensitive configuration data.
Microsoft.ContainerService/fleets/members/configmaps/write
Writing ConfigMaps lets an attacker alter configuration consumed by workloads — injecting malicious settings, redirecting endpoints, or poisoning application behavior.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security