Exec into Pods
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Granting write or exec permissions to ‘pods/exec’ in Kubernetes roles or cluster roles allows users to execute commands inside running containers, potentially with elevated privileges. This misconfiguration creates a pathway for privilege escalation within the cluster.
Impact
An attacker exploiting this vulnerability could gain shell access to containers, escalate privileges to cluster-admin, access sensitive data, disrupt workloads, or take control of the entire Kubernetes cluster, leading to data breaches or service outages.
Resolution
Remove write permission verbs for resource ‘pods/exec’.
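
One way to find the roles that need this change, as an added example (not part of the original rule page or of any scanner's code): a Python check over Role and ClusterRole objects exported as JSON. The set of verbs treated as "write" and the sample manifests are assumptions constructed for illustration.

```python
import json

# Assumption: "write" verbs are taken to be these RBAC verbs plus the "*" wildcard.
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}
# Resource entries that cover pods/exec: the exact name, all resources ("*"),
# or the "*/exec" form (the exec subresource of every resource).
EXEC_RESOURCES = {"pods/exec", "*", "*/exec"}
# Pods live in the core ("") API group; a rule scoped to another group grants nothing here.
CORE_GROUPS = {"", "*"}


def exec_findings(manifest):
    """Return (kind, name, rule_index, verbs) for each rule granting write verbs on pods/exec."""
    items = manifest["items"] if manifest.get("kind") == "List" else [manifest]
    findings = []
    for obj in items:
        if obj.get("kind") not in ("Role", "ClusterRole"):
            continue
        for i, rule in enumerate(obj.get("rules") or []):
            if not CORE_GROUPS & set(rule.get("apiGroups") or []):
                continue
            if not EXEC_RESOURCES & set(rule.get("resources") or []):
                continue
            verbs = sorted(WRITE_VERBS & set(rule.get("verbs") or []))
            if verbs:
                findings.append((obj["kind"], obj["metadata"]["name"], i, verbs))
    return findings


# Constructed sample, shaped like the List object that kubectl prints with -o json.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Role", "metadata": {"name": "debugger", "namespace": "dev"},
  "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]},
            {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "ops-wildcard"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "Role", "metadata": {"name": "viewer", "namespace": "dev"},
  "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list", "watch"]}]},
 {"kind": "Role", "metadata": {"name": "wrong-group", "namespace": "dev"},
  "rules": [{"apiGroups": ["apps"], "resources": ["pods/exec"], "verbs": ["create"]}]}
]}
""")

if __name__ == "__main__":
    for kind, name, idx, verbs in exec_findings(SAMPLE):
        print(f"{kind}/{name} rule[{idx}]: write verbs on pods/exec: {', '.join(verbs)}")
```

The wildcard ClusterRole is reported even though it never names pods/exec, which is the case a plain text search for the resource name misses.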