Delete pod logs
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Granting the `delete` or `deletecollection` verb on the `pods/log` resource in a Kubernetes Role or ClusterRole lets the bound subjects remove pod logs, which can erase important audit trails. This weakens the ability to monitor and investigate cluster activity.
Impact
If exploited, an attacker holding these permissions could delete pod logs to hide evidence of malicious actions, hindering incident response and forensic analysis. Security breaches could then go undetected, and compliance requirements could be compromised.
Resolution
Remove the verbs `delete` and `deletecollection` for the resource `pods/log` from the affected Role or ClusterRole.
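As an added example that is not part of this rule page, the following Python audits Role and ClusterRole objects (in the JSON shape that `kubectl get roles,clusterroles -A -o json` returns) for the grant described above and builds a corrected copy with the verbs removed; the object names, namespace and sample rule are constructed for illustration.

```python
import copy

# Added example (not the rule page's own code): find Role/ClusterRole rules that
# grant delete/deletecollection on pods/log and produce a remediated copy.
RISKY_VERBS = {"delete", "deletecollection"}
ALL_VERBS = ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
COVERS_PODS_LOG = ("pods/log", "*", "*/log")  # RBAC resource spellings that reach pods/log

def rule_covers_pods_log(rule):
    """True if the rule reaches the core-group pods/log subresource."""
    return (any(g in ("", "*") for g in rule.get("apiGroups", []))
            and any(r in COVERS_PODS_LOG for r in rule.get("resources", [])))

def risky_verbs(rule):
    """Verbs in the rule that allow log deletion ('*' implies all of them)."""
    verbs = set(rule.get("verbs", []))
    return set(RISKY_VERBS) if "*" in verbs else verbs & RISKY_VERBS

def find_violations(objects):
    """(kind, namespace, name, rule index, sorted risky verbs) for each offending rule."""
    findings = []
    for obj in objects:
        meta = obj.get("metadata", {})
        for i, rule in enumerate(obj.get("rules", [])):
            if rule_covers_pods_log(rule) and risky_verbs(rule):
                findings.append((obj["kind"], meta.get("namespace", ""),
                                 meta["name"], i, sorted(risky_verbs(rule))))
    return findings

def remediate(obj):
    """Deep copy with delete/deletecollection dropped for pods/log; a rule naming other
    resources is split so they keep their verbs, '*' verbs are expanded, and rules that
    only reach pods/log through a wildcard resource are left for manual rewrite."""
    fixed, new_rules = copy.deepcopy(obj), []
    for rule in fixed.get("rules", []):
        resources = rule.get("resources", [])
        if "pods/log" not in resources or not (rule_covers_pods_log(rule) and risky_verbs(rule)):
            new_rules.append(rule)
            continue
        verbs = ALL_VERBS if "*" in rule["verbs"] else rule["verbs"]
        others = [r for r in resources if r != "pods/log"]
        if others:
            new_rules.append({**rule, "resources": others})
        safe = [v for v in verbs if v not in RISKY_VERBS]
        if safe:
            new_rules.append({**rule, "resources": ["pods/log"], "verbs": safe})
    fixed["rules"] = new_rules
    return fixed

# Constructed sample: a Role that can delete pod logs alongside listing pods.
SAMPLE_ROLE = {"kind": "Role", "metadata": {"name": "log-cleaner", "namespace": "dev"},
               "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"],
                          "verbs": ["get", "list", "delete"]}]}
```

Rules reaching `pods/log` only through a wildcard resource are reported but not rewritten, since narrowing `*` correctly requires knowing which other resources the role was meant to cover.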