Do not allow privilege escalation from node proxy
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Kubernetes Roles or ClusterRoles are configured to allow the 'get' or 'create' verbs on the 'nodes/proxy' resource. Because this subresource proxies requests through the API server to the kubelet on the node, it can enable privilege escalation through the node proxy feature. Such a rule grants users unnecessary or overly broad access to node-level operations.
Impact
If exploited, an attacker could use the node proxy to access or control Kubernetes nodes directly, potentially gaining access to sensitive data, executing arbitrary commands, or escalating privileges across the cluster, severely compromising cluster security.
Resolution
Create a Role or ClusterRole that does not grant 'get' or 'create' on the 'nodes/proxy' resource, including via wildcard verbs or resources that cover it, so that the principal cannot escalate privileges through the node proxy.
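As an added example (not part of this page or of any scanner's own code), the following Python script checks Role and ClusterRole objects for rules that grant 'get' or 'create' on nodes/proxy, including the wildcard forms `*` and `*/proxy` that RBAC also matches. The manifests are constructed inline as dicts in the shape `kubectl get clusterroles -o json` returns, so the check runs offline; the role names are made up.

```python
"""Find RBAC rules granting 'get' or 'create' on the nodes/proxy subresource.

Added example, not from the original page. Sample roles below are constructed.
"""
RISKY_VERBS = {"get", "create"}


def verb_is_risky(verb):
    # Kubernetes RBAC treats "*" as matching every verb, so it covers get/create.
    return verb == "*" or verb in RISKY_VERBS


def rule_grants_node_proxy(rule):
    """True if this PolicyRule lets a subject get/create nodes/proxy."""
    groups = rule.get("apiGroups", [])
    resources = rule.get("resources", [])
    # nodes live in the core API group, written as "" in RBAC manifests.
    group_match = "*" in groups or "" in groups
    # The RBAC authorizer matches "*", the exact "resource/subresource",
    # and "*/subresource" (e.g. "*/proxy") against a nodes/proxy request.
    resource_match = any(r in ("*", "nodes/proxy", "*/proxy") for r in resources)
    verb_match = any(verb_is_risky(v) for v in rule.get("verbs", []))
    return group_match and resource_match and verb_match


def find_node_proxy_grants(roles):
    """Return (kind/name, rule index, offending verbs) for every risky rule."""
    findings = []
    for role in roles:
        name = f'{role["kind"]}/{role["metadata"]["name"]}'
        for i, rule in enumerate(role.get("rules", [])):
            if rule_grants_node_proxy(rule):
                bad = sorted({v for v in rule["verbs"] if verb_is_risky(v)})
                findings.append((name, i, bad))
    return findings


# Constructed sample: two offending ClusterRoles, one hardened node reader
# (no proxy subresource), and an unrelated namespaced Role.
SAMPLE_ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "node-proxy-reader"},
     "rules": [{"apiGroups": [""], "resources": ["nodes/proxy"], "verbs": ["get"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "node-admin"},
     "rules": [{"apiGroups": [""], "resources": ["nodes", "nodes/proxy"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "node-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list", "watch"]}]},
    {"kind": "Role", "metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]

if __name__ == "__main__":
    for kind_name, idx, verbs in find_node_proxy_grants(SAMPLE_ROLES):
        print(f"{kind_name}: rule {idx} grants {verbs} on nodes/proxy")
```

The hardened `node-viewer` role shows the corrected shape: read access to `nodes` without the `nodes/proxy` subresource.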