services / Azure / Kubernetes role bindings (AKS Fleet)
Kubernetes RoleBinding objects in an AKS Fleet cluster, which grant the permissions of a Role or ClusterRole to subjects (users, groups, service accounts) within a namespace.
RoleBindings are the access-control grants that map identities to RBAC roles; creating them can bind a controlled identity to cluster-admin, an access-control asset treated as CRITICAL.
Microsoft.ContainerService/fleets/rbac.authorization.k8s.io/rolebindings/delete
Deleting RoleBindings removes RBAC grants, destroying access-control policy and revoking legitimate principals' authorized access.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security