H3-2024-0059¶

Kubernetes Service Account Can Execute Code in Pods

Description¶

The Kubernetes service account has permission to execute commands against a pod, allowing it to read any sensitive data within the pod and potentially escalate privileges.

Impact¶

An attacker who abuses this vulnerability is able to take over the Kubernetes pod, abusing it and its data for privilege escalation.

References¶

• Kubernetes Service Account Permissions
• MITRE ATT&CK Technique: T1078: Valid Accounts
• MITRE ATT&CK Technique: T1609: Container Administration Command