Kubernetes RoleBindings (AKS)
In-cluster Kubernetes RBAC RoleBinding objects that bind subjects (users, groups, service accounts) to Roles/ClusterRoles within an AKS managed cluster, governing who can perform which actions in the cluster.
Cluster RBAC is the primary access-control mechanism for the cluster; binding a subject to a privileged role (e.g. cluster-admin) yields full control of the cluster and its workloads/data.
Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/rolebindings/write
Creating or updating a RoleBinding lets an attacker bind any subject (including their own identity) to any role up to cluster-admin, the canonical Kubernetes privilege-escalation primitive. Note that a RoleBinding is namespaced: a binding that references a ClusterRole such as cluster-admin grants those permissions within the binding's namespace, whereas a ClusterRoleBinding grants them cluster-wide.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploitation could lead to significant privilege escalation.
Contributed by P0 Security