services / Azure / Kubernetes ClusterRoleBindings (Fleet)
ClusterRoleBindings are cluster-wide Kubernetes RBAC objects that bind subjects (users, groups, service accounts) to ClusterRoles, granting cluster-scoped permissions across an AKS Fleet's member clusters.
ClusterRoleBindings control access cluster-wide; write access to them grants cluster-admin (privilege escalation), making this the most security-sensitive RBAC primitive.
Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/clusterrolebindings/delete
Deleting ClusterRoleBindings removes cluster-wide RBAC grants, destroying access-control policy and revoking legitimate operators' access (denial-of-access).
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.
Contributed by P0 Security