services / Azure / AKS managed namespaces
A managed namespace of an AKS managed cluster - an Azure-managed Kubernetes namespace with its quotas, network policy, isolation, and default settings governing how workloads run within that namespace.
Control-plane configuration of cluster tenancy boundaries; the read returns configuration metadata only, while write/delete and credential listing escalate sharply.
Microsoft.ContainerService/managedClusters/managedNamespaces/listCredential/action
Returns a usable namespace-scoped kubeconfig, exporting credential material that grants the attacker authenticated in-cluster access and lateral movement as that identity.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security