TF 0201 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Delete pod logs
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Granting the 'delete' or 'deletecollection' verb on the 'pods/log' subresource (core API group "") in a Kubernetes Role or ClusterRole gives the bound subjects the ability to remove pod logs, which are an important audit trail of what ran in the cluster. No ordinary workload or operator task needs this permission, so its presence is excess privilege that weakens the ability to monitor and investigate cluster activity. Note that a rule using the wildcard '*' for verbs or resources grants the same capability implicitly.
Impact
An attacker who compromises a subject bound to such a role can delete pod logs to cover their tracks, hindering incident response and forensic analysis. Breaches may then go undetected, and log-retention requirements imposed by compliance regimes may be violated. The damage is limited where logs are shipped off-cluster promptly, but in-cluster evidence is still lost.
Resolution
Remove the verbs 'delete' and 'deletecollection' from every rule in a Role or ClusterRole whose resources include 'pods/log'. If the same rule also lists other resources (for example 'pods') that legitimately need those verbs, split it into two rules so that only 'pods/log' loses them. Review rules that use '*' for verbs or resources as well, since they grant the same capability.
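As an added example that is not part of the Symbiotic Vulnerability Database or of any scanner's own implementation, the following Python script implements the check described above over Role and ClusterRole objects in the JSON shape that `kubectl get -o json` produces, and applies the resolution. The three manifests are constructed sample input; the decision to treat '*' as matching (so that wildcard roles are reported but not mechanically rewritten) and the rule-splitting remediation are this example's own choices.

```python
"""Added example: detect and remediate Role/ClusterRole rules that grant
'delete' or 'deletecollection' on the 'pods/log' subresource (the TF 0201
finding). Not the database's or any scanner's own code."""
import copy
import json

OFFENDING_VERBS = {"delete", "deletecollection"}
TARGET_RESOURCE = "pods/log"
CORE_API_GROUP = ""  # pods/log lives in the core API group

# Constructed sample input in the shape of `kubectl get role,clusterrole -o json`
# items: one offending Role, one compliant ClusterRole, one wildcard ClusterRole.
SAMPLE_MANIFESTS = json.loads("""
[
  {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
   "metadata": {"name": "log-cleaner", "namespace": "prod"},
   "rules": [
     {"apiGroups": [""], "resources": ["pods", "pods/log"],
      "verbs": ["get", "list", "delete", "deletecollection"]}
   ]},
  {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
   "metadata": {"name": "log-reader"},
   "rules": [
     {"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get", "list"]}
   ]},
  {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
   "metadata": {"name": "wildcard-admin"},
   "rules": [
     {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}
   ]}
]
""")


def _covers(values, target):
    """True if an RBAC list matches `target`; '*' is treated as a wildcard."""
    return "*" in values or target in values


def rule_grants_log_deletion(rule):
    """Return the set of offending verbs a single RBAC rule grants on pods/log."""
    if not _covers(rule.get("apiGroups", []), CORE_API_GROUP):
        return set()  # rule only touches other API groups, cannot reach pods/log
    if not _covers(rule.get("resources", []), TARGET_RESOURCE):
        return set()
    verbs = rule.get("verbs", [])
    if "*" in verbs:
        return set(OFFENDING_VERBS)
    return OFFENDING_VERBS & set(verbs)


def find_findings(manifests):
    """Scan Role/ClusterRole objects; return a list of (kind, name, sorted verbs)."""
    findings = []
    for obj in manifests:
        if obj.get("kind") not in ("Role", "ClusterRole"):
            continue
        name = obj["metadata"]["name"]
        namespace = obj["metadata"].get("namespace")
        if namespace:
            name = f"{namespace}/{name}"
        for rule in obj.get("rules", []):
            verbs = rule_grants_log_deletion(rule)
            if verbs:
                findings.append((obj["kind"], name, sorted(verbs)))
    return findings


def remediate(obj):
    """Return a deep copy with delete/deletecollection removed from pods/log.

    A rule that mixes pods/log with other resources is split so the other
    resources keep their verbs. Rules relying on '*' (verbs or resources) are
    left unchanged: narrowing a wildcard is a design decision, not a mechanical
    fix, so they stay reported by find_findings for a human to resolve.
    """
    fixed = copy.deepcopy(obj)
    new_rules = []
    for rule in fixed.get("rules", []):
        resources = rule.get("resources", [])
        verbs = rule.get("verbs", [])
        explicit = TARGET_RESOURCE in resources and "*" not in verbs
        if not explicit or not rule_grants_log_deletion(rule):
            new_rules.append(rule)
            continue
        others = [r for r in resources if r != TARGET_RESOURCE]
        if others:  # keep the original verbs for everything except pods/log
            new_rules.append({**rule, "resources": others})
        kept = [v for v in verbs if v not in OFFENDING_VERBS]
        if kept:  # e.g. get/list on pods/log stays
            new_rules.append({**rule, "resources": [TARGET_RESOURCE], "verbs": kept})
    fixed["rules"] = new_rules
    return fixed


if __name__ == "__main__":
    for kind, name, verbs in find_findings(SAMPLE_MANIFESTS):
        print(f"TF 0201: {kind} {name} grants {', '.join(verbs)} on {TARGET_RESOURCE}")
    print(json.dumps(remediate(SAMPLE_MANIFESTS[0])["rules"], indent=2))
```

Running the script reports the `prod/log-cleaner` Role and the `wildcard-admin` ClusterRole; after remediation the first Role keeps `delete`/`deletecollection` on `pods` but only `get`/`list` on `pods/log`, and the wildcard role is returned unchanged for manual review.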