[QUESTION] [k8s] Cluster admin binding

DataDog / stratus-red-team

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

https://stratus-red-team.cloud

Apache License 2.0

1.83k stars 215 forks source link

Closed loresuso closed 8 months ago

loresuso commented 1 year ago

Would it make sense to implement a technique to create a role binding to a cluster role?

christophetd commented 1 year ago

Would that be a situation where:

An existing role (e.g. "unprivileged") exists and has some level of permissions in a namespace
As an attacker, you create a ClusterRoleBinding to make it admin at the cluster level?

christophetd commented 8 months ago

closing for inactivity but feel free to reopen

loresuso commented 8 months ago

Hi @christophetd, sorry about the inactivity! I will reopen it once I will have more bandwidth for this, thanks!