⚠
BowTie Risk
Assessments
Hazards
Library
Implementations
Guide
← Back
Edit Threat
Name
Category
Tags
(comma-separated)
Description
An adversary may add additional roles or permissions to an adversary-controlled user or service account to maintain persistent access to a container orchestration system. For example, an adversary with sufficient permissions may create a RoleBinding or a ClusterRoleBinding to bind a Role or ClusterRole to a Kubernetes account. Where attribute-based access control (ABAC) is in use, an adversary with sufficient permissions may modify a Kubernetes ABAC policy to give the target account additional p
Save changes
Cancel