Manage Kubernetes networking
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Vulnerability Type | omission |
Description#
Granting broad permissions to manage Kubernetes networking resources (like services, endpoints, network policies, or ingresses) enables users to alter network traffic flows or bypass network restrictions, creating opportunities for interception or lateral movement within the cluster.
Impact#
If exploited, attackers with these permissions could reroute or intercept service traffic, expose sensitive data, or move laterally between pods, leading to data breaches or compromise of other services within the Kubernetes environment.
Resolution#
Networking resources are only allowed for verbs ’list’, ‘watch’, ‘get