services / Kubernetes / ClusterRoleBindings

A ClusterRoleBinding is used to associate a ClusterRole with one or more principals (users, groups, or service accounts). It establishes a connection between a set of permissions defined in a ClusterRole and the entities that should have those permissions. ClusterRoles are scoped to the entire Kubernetes cluster.

ClusterRoles are only definitions of permissions. A role does not take effect unless assigned to principal via a ClusterRoleBinding.


rbac.​authorization.​k8s.​io/​clusterrolebindings.​delete

Deleting a ClusterRoleBinding removes the permissions of the ClusterRole from a list of principals

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Contributed by P0 Security

© 2023–present P0 Security and contributors to the IAM Privilege Catalog