services / Azure / Kubernetes ConfigMaps (Arc-connected cluster)
Kubernetes ConfigMap objects on an Azure Arc-connected cluster, holding non-secret application and component configuration consumed by workloads and controllers.
Though intended for non-secret config, ConfigMaps in practice frequently contain sensitive values (endpoints, tokens, connection strings, CA bundles) and drive runtime behavior of workloads.
Microsoft.Kubernetes/connectedClusters/configmaps/delete
Deleting ConfigMaps removes configuration that workloads and controllers depend on, destroying operational data and breaking or crashing dependent services.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog