H3-2024-0054
Kubernetes Identity can Create a Pod and Escape to the Node
| Category | SECURITY_CONTROLS |
| Base Score | 7.5 |
Description
The Kubernetes identity has permission to create a pod in the Kubernetes cluster, allowing it to deploy a privileged pod that can then escape to the Kubernetes node.
Impact
An attacker who abuses this vulnerability is able to take over the Kubernetes node, including all of the pods that are running on the node.
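One way to audit for the condition in the Description, as an added example that is not part of the original advisory: the script resolves RBAC bindings to the subjects that hold direct `create` on `pods`. The input shape, the helper functions and every object name in the sample are assumptions made for illustration.

```python
# Audit sketch: which RBAC subjects are granted direct `create` on pods?
# Assumed input: "items" from `kubectl get clusterroles,roles,clusterrolebindings,rolebindings -A -o json`
def allows_pod_create(rule):
    """True if one RBAC rule grants `create` on core-group `pods` (wildcards count)."""
    return (bool({"", "*"} & set(rule.get("apiGroups", [])))
            and bool({"pods", "*"} & set(rule.get("resources", [])))
            and bool({"create", "*"} & set(rule.get("verbs", []))))

def pod_creators(items):
    """Return sorted (subject, scope) pairs; scope "*" means every namespace."""
    risky = set()
    for o in items:
        if o["kind"] in ("Role", "ClusterRole") and any(map(allows_pod_create, o.get("rules") or [])):
            ns = o["metadata"].get("namespace") if o["kind"] == "Role" else None
            risky.add((o["kind"], ns, o["metadata"]["name"]))
    found = set()
    for o in items:
        if o["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        bind_ns = o["metadata"].get("namespace") if o["kind"] == "RoleBinding" else None
        ref = o["roleRef"]
        # A Role is resolved in the binding's namespace; a ClusterRole has no namespace.
        if (ref["kind"], bind_ns if ref["kind"] == "Role" else None, ref["name"]) not in risky:
            continue
        for s in o.get("subjects") or []:
            prefix = s.get("namespace", "") + "/" if s["kind"] == "ServiceAccount" else ""
            found.add((f'{s["kind"]}:{prefix}{s["name"]}', bind_ns or "*"))
    return sorted(found)

def _obj(kind, name, ns=None, **body):
    return {"kind": kind, "metadata": {"name": name, "namespace": ns}, **body}
def _rule(verbs, resources=("pods",)):
    return {"apiGroups": [""], "resources": list(resources), "verbs": list(verbs)}
def _bind(kind, ns, ref_kind, ref_name, s_kind, s_name, s_ns=None):
    subj = {"kind": s_kind, "name": s_name, "namespace": s_ns}
    return _obj(kind, "bind-" + s_name, ns, roleRef={"kind": ref_kind, "name": ref_name}, subjects=[subj])

# Constructed sample objects; every name below is hypothetical.
SAMPLE = [
    _obj("ClusterRole", "deployer", rules=[_rule(["create", "delete"])]),
    _obj("ClusterRole", "viewer", rules=[_rule(["get", "list"])]),
    _obj("Role", "ci", "build", rules=[_rule(["*"], ["*"])]),
    _bind("ClusterRoleBinding", None, "ClusterRole", "deployer", "User", "alice"),
    _bind("RoleBinding", "dev", "ClusterRole", "deployer", "ServiceAccount", "runner", "dev"),
    _bind("RoleBinding", "build", "Role", "ci", "ServiceAccount", "ci-bot", "build"),
    _bind("ClusterRoleBinding", None, "ClusterRole", "viewer", "Group", "auditors"),
]

print(pod_creators(SAMPLE))
```

The check covers direct pod creation only; identities that can create workload controllers such as Deployments or Jobs also cause pods to be created and would need a separate pass.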