[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-05 (世界標準時間)。"],[],[],null,["| Premium and Enterprise [service tiers](/security-command-center/docs/service-tiers)\n\nThis document describes a threat finding type in Security Command Center. Threat findings are generated by\n[threat detectors](/security-command-center/docs/concepts-security-sources#threats) when they detect\na potential threat in your cloud resources. For a full list of available threat findings, see [Threat findings index](/security-command-center/docs/threat-findings-index).\n\nOverview\n\nSomeone created an RBAC `ClusterRoleBinding` that references the default\n`system:controller:clusterrole-aggregation-controller` `ClusterRole`. This\ndefault `ClusterRole` has the `escalate` verb, which allows subjects to modify\nthe privileges of their own roles, allowing for privilege escalation. For more\ndetails, see the log message for this alert.\n\nHow to respond\n\nTo respond to this finding, do the following:\n\n1. Review any `ClusterRoleBinding` that references the `system:controller:clusterrole-aggregation-controller` `ClusterRole`.\n2. Review any modifications to the `system:controller:clusterrole-aggregation-controller` `ClusterRole`.\n3. Determine whether there are other signs of malicious activity by the principal who created the `ClusterRoleBinding` in the audit logs in Cloud Logging.\n\nWhat's next\n\n- Learn [how to work with threat\n findings in Security Command Center](/security-command-center/docs/how-to-investigate-threats).\n- Refer to the [Threat findings index](/security-command-center/docs/threat-findings-index).\n- Learn how to [review a\n finding](/security-command-center/docs/how-to-investigate-threats#reviewing_findings) through the Google Cloud console.\n- Learn about the [services that\n generate threat findings](/security-command-center/docs/concepts-security-sources#threats)."]]
