services / Azure / Kubernetes ConfigMaps (AKS)
Kubernetes ConfigMaps store non-secret application and cluster configuration (settings, endpoints, scripts) consumed by workloads in an AKS managed cluster.
Although not formal Secrets, ConfigMaps frequently contain sensitive operational data and misplaced credentials/connection strings, and config like CoreDNS or app settings is consumed/executed by pods.
Microsoft.ContainerService/managedClusters/configmaps/delete
Destroys configuration data that workloads depend on, removing operational data and disrupting dependent services.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog