Cluster-wide pod attach
Elevation of Privilege
Critical
Overview
Field | Value |
---|---|
ID | 1002 |
Name | Cluster-wide pod attach |
Risk Category | Elevation of Privilege |
Risk Level | Critical |
Role Type | ClusterRole |
API Groups | core |
Resources | pods/attach |
Verbs | create |
Tags | ClusterWidePodAttach CodeExecution ElevationOfPrivilege LateralMovement |
Description
Enables attaching to the input/output streams of any pod across the cluster. Similar to exec, this can grant interactive shell access, facilitating code execution, lateral movement, and privilege escalation by interacting with running processes.
Abuse Scenarios
- Attach to a running container’s process to view its output or send input.

  ```bash
  kubectl attach -it <pod-name> -n <namespace> -c <container-name>
  # Example: Attach to the main container of a web server pod
  # kubectl attach -it my-web-server-pod -n default -c web-container
  ```
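
To audit for this rule, the fields in the Overview table (ClusterRole, core API group, `pods/attach`, `create`) can be matched against exported role objects, including the wildcard forms that grant the same permission. The following is an added example, not part of the original catalogue or its tooling; the sample roles are constructed and the function names are hypothetical.

```python
# Constructed sample objects (not from a real cluster), shaped like the
# items returned by `kubectl get clusterroles,roles -A -o json`.
SAMPLE_ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "debug-attach"},
     "rules": [{"apiGroups": [""], "resources": ["pods/attach"], "verbs": ["create"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "wildcard-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    # Wildcards limited to another API group do not reach core pods/attach.
    {"kind": "ClusterRole", "metadata": {"name": "apps-admin"},
     "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["*"]}]},
    # Namespaced Role: outside this rule, whose Role Type is ClusterRole.
    {"kind": "Role", "metadata": {"name": "ns-attach", "namespace": "dev"},
     "rules": [{"apiGroups": [""], "resources": ["pods/attach"], "verbs": ["create"]}]},
]


def _any_in(values, accepted):
    """True if any entry of a PolicyRule list field is one of the accepted values."""
    return any(v in accepted for v in values or [])


def grants_pod_attach(rule):
    """True if one PolicyRule allows `create` on core-group `pods/attach`.

    Resource matching follows the RBAC authorizer: exact name, the
    `*/<subresource>` form, or the catch-all `*`.
    """
    return (
        _any_in(rule.get("apiGroups"), {"", "*"})
        and _any_in(rule.get("resources"), {"pods/attach", "*/attach", "*"})
        and _any_in(rule.get("verbs"), {"create", "*"})
    )


def find_cluster_wide_attach(objects):
    """Return names of ClusterRoles with at least one rule granting pod attach."""
    return [
        obj["metadata"]["name"]
        for obj in objects
        if obj.get("kind") == "ClusterRole"
        and any(grants_pod_attach(r) for r in obj.get("rules") or [])
    ]


if __name__ == "__main__":
    for name in find_cluster_wide_attach(SAMPLE_ROLES):
        print(f"rule 1002 match: ClusterRole/{name}")
```

A matching ClusterRole only takes effect cluster-wide once it is bound, so the reported names are the ones whose bindings should be reviewed next.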