TF 0172 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Manage Kubernetes workloads and pods

| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
## Description

Kubernetes Roles or ClusterRoles grant permissions to create, update, or delete workloads such as pods and deployments, rather than restricting access to read-only operations. This overly broad access can allow unauthorized changes to critical resources.
## Impact

If exploited, attackers could deploy malicious workloads, escalate privileges, or take over cluster resources, potentially leading to data theft, service disruption, or full cluster compromise.
## Resolution

Kubernetes workload resources should only be granted the read-only verbs 'list', 'watch', and 'get'.
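The following is an added example, not the Symbiotic checker or any code from the project: it shows the check the Description and Resolution above describe, applied to two constructed Role manifests (one granting write verbs on deployments and pods, one restricted to get/list/watch), and a remediation that rewrites offending rules to the read-only verb set. The workload resource list and the finding format are this example's own assumptions.

```python
"""Flag RBAC rules that grant write verbs on Kubernetes workload resources.

Added example for this wiki entry; it is not the project's own checker.
The role documents below are constructed in the shape of parsed
Kubernetes Role/ClusterRole manifests (metadata + rules).
"""
import copy

# The only verbs the Resolution permits on workload resources.
READ_ONLY_VERBS = {"get", "list", "watch"}

# Workload kinds this check covers: pods and the controllers that create
# them. Assumption: this list is what "workloads" means for the check.
WORKLOAD_RESOURCES = {
    "pods", "deployments", "replicasets", "statefulsets",
    "daemonsets", "jobs", "cronjobs", "replicationcontrollers",
}


def rule_touches_workloads(rule):
    """True if the rule's resources include any workload kind (or '*')."""
    resources = set(rule.get("resources", []))
    if "*" in resources:
        return True
    # Sub-resources such as "pods/exec" or "deployments/scale" count too.
    return any(r.split("/")[0] in WORKLOAD_RESOURCES for r in resources)


def rule_grants_writes(rule):
    """True if the rule allows any verb beyond get/list/watch (or '*')."""
    return any(v not in READ_ONLY_VERBS for v in rule.get("verbs", []))


def find_workload_write_rules(role):
    """Return one finding per rule that grants write access to workloads."""
    findings = []
    for idx, rule in enumerate(role.get("rules", [])):
        if rule_touches_workloads(rule) and rule_grants_writes(rule):
            findings.append({
                "role": role["metadata"]["name"],
                "rule_index": idx,
                "resources": sorted(rule.get("resources", [])),
                "verbs": sorted(v for v in rule["verbs"]
                                if v not in READ_ONLY_VERBS),
            })
    return findings


def restrict_to_read_only(role):
    """Return a copy of the role with offending workload rules made read-only.

    Rules that do not touch workloads (e.g. configmaps) are left as they are;
    the check is about workloads, not every write verb in the role.
    """
    fixed = copy.deepcopy(role)
    for rule in fixed.get("rules", []):
        if rule_touches_workloads(rule) and rule_grants_writes(rule):
            rule["verbs"] = sorted(READ_ONLY_VERBS)
    return fixed


# Constructed sample: the overly broad role the Description warns about.
BROAD_ROLE = {
    "metadata": {"name": "app-operator", "namespace": "prod"},
    "rules": [
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["get", "list", "create", "update", "delete"]},
        {"apiGroups": [""], "resources": ["configmaps"],
         "verbs": ["get", "list", "create"]},
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["*"]},
    ],
}

# Constructed sample: the same role after applying the Resolution.
READ_ONLY_ROLE = {
    "metadata": {"name": "app-viewer", "namespace": "prod"},
    "rules": [
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": [""], "resources": ["pods"],
         "verbs": ["get", "list", "watch"]},
    ],
}

if __name__ == "__main__":
    for finding in find_workload_write_rules(BROAD_ROLE):
        print("FAIL", finding)
    print("read-only role findings:", find_workload_write_rules(READ_ONLY_ROLE))
    print("remediated:", restrict_to_read_only(BROAD_ROLE)["rules"])
```

Running it reports rule 0 (create/delete/update on deployments) and rule 2 (`*` on pods) of `app-operator`, and nothing for `app-viewer`. The configmaps rule is deliberately not reported because it is outside this entry's scope. The remediation is blunt: if a single rule mixes workload and non-workload resources, split it into two rules before narrowing the verbs rather than stripping write access from both.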