services / Azure / Fleet TrafficManagerProfile resource
A Kubernetes Fleet networking CRD (TrafficManagerProfile) that defines the Azure Traffic Manager DNS-based global routing configuration (routing method, domain, endpoint list) for fleet services.
Data-plane (isDataAction) resource controlling public DNS-based traffic routing of a domain to fleet service endpoints.
Microsoft.ContainerService/managedClusters/networking.fleet.azure.com/trafficManagerProfiles/write
Creating or updating a profile rewrites the DNS-based routing and endpoints for the profile's domain, letting an attacker redirect the domain's public traffic to attacker-controlled targets, alter routing, and extend network reach.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog