services / Azure / Kubernetes RoleBindings (AKS)
In-cluster Kubernetes RBAC RoleBinding objects that bind subjects (users, groups, service accounts) to Roles/ClusterRoles within an AKS managed cluster, governing who can perform which actions in the cluster.
Cluster RBAC is the primary access-control mechanism for the cluster; binding a subject to a privileged role (e.g. cluster-admin) yields full control of the cluster and its workloads/data.
Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/rolebindings/delete
Deleting RoleBindings tears down RBAC access-control assignments, destroying policy and revoking legitimate principals' authorized access to the cluster.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.
Contributed by P0 Security