Cluster-wide pod port-forward
Information Disclosure
High
Overview
| Field | Value |
|---|---|
| ID | 1004 |
| Name | Cluster-wide pod port-forward |
| Risk Category | Information Disclosure |
| Risk Level | High |
| Role Type | ClusterRole |
| API Groups | core |
| Resources | pods/portforward |
| Verbs | create |
| Tags | ClusterWidePodPortForward LateralMovement NetworkManipulation |
Description
Grants the ability to forward local ports to ports on any pod across the cluster. This can expose internal services, facilitate lateral movement by bypassing network policies, and lead to information disclosure from otherwise inaccessible applications.
Abuse Scenarios
- Forward a local port to a port on a specific pod.
kubectl port-forward <pod-name> -n <namespace> <local-port>:<pod-port>
# Example: Forward local port 8080 to port 80 of a database pod
# kubectl port-forward my-db-pod-abc -n production 8080:5432
# Then access via: curl http://localhost:8080