Tag

Rbac

3 briefs RSS

Kubernetes Sensitive Role Creation or Modification

This rule detects the creation or modification of Kubernetes Roles or ClusterRoles that grant high-risk permissions, such as wildcard access or RBAC escalation verbs (e.g., bind, escalate, impersonate), potentially leading to privilege escalation or unauthorized access within the cluster.

kubernetes rbac privilege-escalation persistence

2r 2t Mar 5, 2026

medium advisory

Kubernetes Sensitive Role Creation or Modification

2 rules 2 TTPs

Detects the creation or modification of Kubernetes Roles or ClusterRoles that grant high-risk permissions, such as wildcard access or RBAC escalation verbs, potentially leading to privilege escalation or unauthorized access within the cluster.

Kubernetes rbac privilege-escalation persistence

2r 2t Jan 4, 2024

high advisory

Kubernetes RBAC Wildcard Elevation on Existing Role

2 rules 1 TTP

The rule detects when a Kubernetes Role or ClusterRole is patched or updated to grant wildcard verbs and resources, effectively granting cluster-admin-like privileges, which is often a deliberate privilege expansion and could indicate malicious activity.

kubernetes rbac privilege-escalation

2r 1t Jan 3, 2024