Read RBAC configuration cluster-wide

Overview

Field	Value
ID	1077
Name	Read RBAC configuration cluster-wide
Risk Category	Information Disclosure
Risk Level	Medium
Role Type	ClusterRole
API Groups	rbac.authorization.k8s.io
Resources	clusterroles, roles, clusterrolebindings, rolebindings
Verbs	get, list, watch
Tags	InformationDisclosure RBACQuery Reconnaissance

Description

Allows listing and getting all ClusterRoles, Roles, ClusterRoleBindings, and RoleBindings. This provides full visibility into the cluster’s authorization model, aiding attackers in finding privilege escalation paths or understanding defenses.

Abuse Scenarios

List all ClusterRoles in the cluster.

kubectl get clusterroles

List all RoleBindings across all namespaces.

kubectl get rolebindings --all-namespaces

Get the YAML definition of a specific ClusterRole.

kubectl get clusterrole <clusterrole-name> -o yaml
# Example: kubectl get clusterrole cluster-admin -o yaml