H3-2024-0058¶

Improper use of K8S Cluster Admin Access

Description¶

A kubernetes identity was identified with the a role attached that has administrative access.

Impact¶

The policy allows the identity to perform any action on any resource, giving an attacker full control over a kubernetes cluster.

References¶

• Role Based Access Control Good Practices
• MITRE ATT&CK Technique: T1078: Valid Accounts
• MITRE ATT&CK Technique: T1609: Container Administration Command