Namespaced pod exec
Elevation of Privilege
High
Overview
Field | Value |
---|---|
ID | 1001 |
Name | Namespaced pod exec |
Risk Category | Elevation of Privilege |
Risk Level | High |
Role Type | Role |
API Groups | core |
Resources | pods/exec |
Verbs | create |
Tags | CodeExecution LateralMovement PodExec PotentialPrivilegeEscalation |
Description
Permits executing commands within pods in a specific namespace. This grants shell access to containers within that namespace, potentially leading to code execution, lateral movement within the namespace, and privilege escalation if sensitive workloads or service accounts are compromised.
Abuse Scenarios
- Execute a non-interactive command inside a specific pod within the namespace.

  ```bash
  kubectl exec <pod-name> -n <namespace> -- cat /etc/passwd
  # Example: kubectl exec my-app-pod-xyz -n default -- env
  ```

- Obtain an interactive shell inside a specific pod within the namespace.

  ```bash
  kubectl exec -it <pod-name> -n <namespace> -- sh
  # Example: kubectl exec -it my-database-pod -n production -- bash
  ```
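
A defender-side check for this rule, added here as an example and not part of the original rule page: it scans Role objects, in the JSON shape returned by `kubectl get roles -A -o json`, for rules that grant `create` on `pods/exec` in the core API group, including the RBAC wildcard forms. The sample roles, namespaces and function names are constructed for illustration.

```python
# Constructed sample in the shape of `kubectl get roles -A -o json` (names are made up).
SAMPLE_ROLES = {"items": [
    {"metadata": {"namespace": "production", "name": "debug-exec"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/exec"],
                "verbs": ["get", "create"]}]},
    {"metadata": {"namespace": "production", "name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"],
                "verbs": ["get", "list"]}]},
    {"metadata": {"namespace": "default", "name": "ns-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"namespace": "staging", "name": "exec-one-pod"},
     "rules": [{"apiGroups": [""], "resources": ["*/exec"], "verbs": ["create"],
                "resourceNames": ["my-app-pod-xyz"]}]},
    {"metadata": {"namespace": "staging", "name": "apps-only"},
     "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["*"]}]},
]}


def _any_of(values, *wanted):
    """True if any entry of a rule field equals one of the wanted strings."""
    return any(v in wanted for v in values or [])


def rule_grants_pod_exec(rule):
    """Match create on pods/exec in the core group, including RBAC wildcards.

    RBAC resource wildcards are "*" (everything) and "*/<subresource>".
    """
    return (_any_of(rule.get("apiGroups"), "", "*")
            and _any_of(rule.get("resources"), "pods/exec", "*/exec", "*")
            and _any_of(rule.get("verbs"), "create", "*"))


def find_pod_exec_roles(role_list):
    """Return (namespace, role name, pod scope) for every matching rule."""
    findings = []
    for role in role_list.get("items", []):
        meta = role.get("metadata", {})
        for rule in role.get("rules") or []:
            if rule_grants_pod_exec(rule):
                # resourceNames narrows the grant to named pods; absent means all pods.
                scope = tuple(rule.get("resourceNames") or ["<all pods>"])
                findings.append((meta.get("namespace"), meta.get("name"), scope))
    return findings


if __name__ == "__main__":
    for ns, name, scope in find_pod_exec_roles(SAMPLE_ROLES):
        print(f"[1001] Role {ns}/{name} allows pod exec on: {', '.join(scope)}")
```

Roles that list `resourceNames` are still reported, with the named pods as scope, so a reviewer can decide whether those specific workloads are sensitive.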