Namespaced pod attach
Elevation of Privilege
High
Overview
| Field | Value |
|---|---|
| ID | 1003 |
| Name | Namespaced pod attach |
| Risk Category | Elevation of Privilege |
| Risk Level | High |
| Role Type | Role |
| API Groups | core |
| Resources | pods/attach |
| Risky Verb Combinations | [create] |
| Tags | CodeExecution LateralMovement PodAttach PotentialPrivilegeEscalation |
Description
Allows attaching to the input/output streams of pods within a specific namespace. This can provide interactive access to containers in that namespace, risking code execution, lateral movement, and potential privilege escalation through compromised workloads.
Abuse Scenarios
- Attach to a running container’s process within the namespace.
kubectl attach -it <pod-name> -n <namespace> -c <container-name>
# Example: Attach to a logging agent pod in the 'monitoring' namespace
# kubectl attach -it fluentd-xyz -n monitoring -c fluentd