Property
Language: terraform
Severity: medium
Vulnerability Type: omission

Description

A Kubernetes role or cluster role defined in Terraform grants write verbs (create, update, patch, delete) on workload resources such as pods and deployments instead of restricting the subject to read-only operations. Any subject bound to such a role can modify or replace running workloads, which is far broader than most service accounts and operators need.

Impact

An attacker who obtains the credentials of a subject bound to the role (for example a compromised pod's service account token) can deploy malicious workloads, mount secrets or host paths into new pods to escalate privileges, or delete and replace existing deployments. Depending on the scope of the binding this can lead to data theft, service disruption, or full cluster compromise.

Resolution

Grant workload resources in Kubernetes roles and cluster roles only the read-only verbs 'get', 'list' and 'watch'. Where a subject genuinely needs to create or delete workloads, scope that permission to a dedicated role in the smallest namespace and resource set that will do.
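The following is an added example, not code from the original page or from any scanner's rule source: a Terraform `kubernetes_role` from the hashicorp/kubernetes provider that this rule would flag, followed by the read-only form it should be rewritten to. The role names, namespace and resource list are illustrative assumptions.

```hcl
# Added example (not from the original page). Flagged form: the role grants
# write verbs on pods and deployments, so any subject bound to it can create,
# modify or delete workloads in the namespace.
resource "kubernetes_role" "workload_writer" {
  metadata {
    name      = "workload-writer" # assumed name
    namespace = "default"         # assumed namespace
  }

  rule {
    api_groups = ["", "apps"]
    resources  = ["pods", "deployments"]
    # "create", "update", "patch" and "delete" are the verbs this rule objects to;
    # a wildcard "*" verb would be flagged for the same reason.
    verbs = ["get", "list", "watch", "create", "update", "patch", "delete"]
  }
}

# Corrected form: identical resources, but only the read-only verbs
# 'get', 'list' and 'watch'. Core-group and apps-group resources are split
# into separate rules so each api_groups entry matches only its own resources.
resource "kubernetes_role" "workload_reader" {
  metadata {
    name      = "workload-reader" # assumed name
    namespace = "default"         # assumed namespace
  }

  rule {
    api_groups = [""]
    resources  = ["pods"]
    verbs      = ["get", "list", "watch"]
  }

  rule {
    api_groups = ["apps"]
    resources  = ["deployments", "replicasets"]
    verbs      = ["get", "list", "watch"]
  }
}

# A binding is what makes either role effective; bind subjects to the
# read-only role unless write access is explicitly required.
resource "kubernetes_role_binding" "workload_reader" {
  metadata {
    name      = "workload-reader" # assumed name
    namespace = "default"         # assumed namespace
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = kubernetes_role.workload_reader.metadata[0].name
  }

  subject {
    kind      = "ServiceAccount"
    name      = "monitoring-agent" # assumed service account
    namespace = "default"
  }
}
```

The same shape applies to `kubernetes_cluster_role`, where the blast radius is every namespace rather than one. When reviewing existing roles, check the effective verbs with `kubectl auth can-i create pods --as=system:serviceaccount:default:monitoring-agent -n default` after `terraform apply`; the corrected role should answer `no` for create, update, patch and delete and `yes` for get, list and watch.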