TF 0074 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Exec into Pods

Property            Value
Language            terraform
Severity            high
Vulnerability Type  omission

Description

Granting write or exec permissions to 'pods/exec' in Kubernetes roles or cluster roles allows users to execute commands inside running containers, potentially with elevated privileges. This misconfiguration creates a pathway for privilege escalation within the cluster.

Impact

An attacker exploiting this vulnerability could gain shell access to containers, escalate privileges to cluster-admin, access sensitive data, disrupt workloads, or take control of the entire Kubernetes cluster, leading to data breaches or service outages.

Resolution

Remove the write permission verbs for the resource 'pods/exec'.
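The following is an added example, not part of this database entry and not the project's own checker. It shows the misconfiguration from the Description and the fix from the Resolution side by side as constructed Terraform text for the hashicorp/kubernetes provider, and scans the `rule` blocks of `kubernetes_role` / `kubernetes_cluster_role` resources (the `_v1` variants are also matched) for write verbs on the `pods/exec` subresource. It goes slightly beyond the page in treating `resources = ["*"]` as covering `pods/exec`, since a wildcard resource with a write verb grants the same capability. The brace-matching HCL extraction, the sample role names and the `find_exec_grants` function are assumptions for illustration.

```python
import re

# Write verbs on a subresource. `create` is the verb `kubectl exec` needs
# (it POSTs to pods/exec); `*` grants every verb, including create.
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}

# Constructed sample: "debug" and "ops" grant write verbs on pods/exec,
# "viewer" only reads pods and pod logs and is clean.
VULNERABLE_TF = '''
resource "kubernetes_role" "debug" {
  metadata {
    name      = "debug-role"
    namespace = "default"
  }
  rule {
    api_groups = [""]
    resources  = ["pods", "pods/log"]
    verbs      = ["get", "list", "watch"]
  }
  rule {
    api_groups = [""]
    resources  = ["pods/exec"]
    verbs      = ["create"]
  }
}

resource "kubernetes_cluster_role" "ops" {
  metadata {
    name = "ops-role"
  }
  rule {
    api_groups = [""]
    resources  = ["pods/exec"]
    verbs      = ["*"]
  }
}

resource "kubernetes_role" "viewer" {
  metadata {
    name      = "viewer"
    namespace = "default"
  }
  rule {
    api_groups = [""]
    resources  = ["pods", "pods/log"]
    verbs      = ["get", "list"]
  }
}
'''

# Constructed sample after applying the resolution: the pods/exec rules are
# gone and the remaining rules are read-only on pods.
FIXED_TF = '''
resource "kubernetes_role" "debug" {
  metadata {
    name      = "debug-role"
    namespace = "default"
  }
  rule {
    api_groups = [""]
    resources  = ["pods", "pods/log"]
    verbs      = ["get", "list", "watch"]
  }
}

resource "kubernetes_cluster_role" "ops" {
  metadata {
    name = "ops-role"
  }
  rule {
    api_groups = [""]
    resources  = ["pods"]
    verbs      = ["get", "list", "watch"]
  }
}
'''

ROLE_RE = re.compile(
    r'resource\s+"(kubernetes_(?:cluster_)?role(?:_v1)?)"\s+"([^"]+)"\s*\{')
RULE_RE = re.compile(r'\brule\s*\{')


def _block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in HCL input")


def _string_list(body, key):
    """Extract the quoted strings of `key = [ ... ]` from an HCL block body."""
    m = re.search(r"\b%s\s*=\s*\[(.*?)\]" % re.escape(key), body, re.S)
    return re.findall(r'"([^"]*)"', m.group(1)) if m else []


def find_exec_grants(tf_text):
    """Return one finding per rule that grants a write verb on pods/exec."""
    findings = []
    for m in ROLE_RE.finditer(tf_text):
        body = _block_body(tf_text, m.end() - 1)
        for idx, r in enumerate(RULE_RE.finditer(body)):
            rule = _block_body(body, r.end() - 1)
            resources = _string_list(rule, "resources")
            bad_verbs = sorted(v for v in _string_list(rule, "verbs") if v in WRITE_VERBS)
            if bad_verbs and ("pods/exec" in resources or "*" in resources):
                findings.append({"resource": m.group(1), "name": m.group(2),
                                 "rule_index": idx, "verbs": bad_verbs})
    return findings


if __name__ == "__main__":
    for f in find_exec_grants(VULNERABLE_TF):
        print("%s.%s rule[%d] grants %s on pods/exec"
              % (f["resource"], f["name"], f["rule_index"], ", ".join(f["verbs"])))
    print("fixed config findings:", find_exec_grants(FIXED_TF))
```

The scanner deliberately keys on the RBAC verb rather than the word "exec": a role whose only `pods/exec` rule carries read verbs is not reported, and a rule with `resources = ["*"]` plus a write verb is, because that wildcard already includes the subresource.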