Read pod logs cluster-wide
Information Disclosure
High
Overview
| Field | Value |
|---|---|
| ID | 1018 |
| Name | Read pod logs cluster-wide |
| Risk Category | Information Disclosure |
| Risk Level | High |
| Role Type | ClusterRole |
| API Groups | core |
| Resources | pods/log |
| Verbs | get |
| Tags | ClusterWideLogAccess, DataExposure, InformationDisclosure |
Description
Allows accessing logs from any pod across all namespaces in the cluster. This can lead to information disclosure if logs contain sensitive data, credentials, or operational details that could be exploited.
Abuse Scenarios
- Retrieve logs from a specific pod in any namespace.

  ```bash
  kubectl logs <pod-name> -n <namespace>
  # Example: kubectl logs coredns-xxxx-yyyy -n kube-system
  ```

- Retrieve logs from all containers in a multi-container pod.

  ```bash
  kubectl logs <pod-name> -n <namespace> --all-containers
  # Example: kubectl logs my-app-pod -n default --all-containers
  ```
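To audit a cluster for this rule, the following added example (not part of the original rule page) lists the subjects that hold `get` on core `pods/log` through a ClusterRoleBinding. The function names and the sample objects are constructed for illustration; the matching follows Kubernetes RBAC resource matching (exact name, `*`, or `*/subresource`).

```python
# Constructed sample objects, shaped like items from
# `kubectl get clusterroles,clusterrolebindings,rolebindings -A -o json`.
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "log-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "wildcard-sub"},
     "rules": [{"apiGroups": ["*"], "resources": ["*/log"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "one-pod"},
     "rules": [{"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get"],
                "resourceNames": ["billing-0"]}]},  # limited to one named pod
    {"kind": "ClusterRole", "metadata": {"name": "pod-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/*"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "crb-a"},
     "roleRef": {"kind": "ClusterRole", "name": "log-reader"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "ci", "name": "runner"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "crb-b"},
     "roleRef": {"kind": "ClusterRole", "name": "wildcard-sub"},
     "subjects": [{"kind": "Group", "name": "devs"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "crb-c"},
     "roleRef": {"kind": "ClusterRole", "name": "one-pod"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "RoleBinding", "metadata": {"name": "rb-d", "namespace": "team-a"},
     "roleRef": {"kind": "ClusterRole", "name": "log-reader"},  # namespace-scoped grant only
     "subjects": [{"kind": "User", "name": "bob"}]},
]

def grants_pod_logs(rule):
    """True if one RBAC rule allows `get` on core `pods/log` for every pod name."""
    groups, res = rule.get("apiGroups", []), rule.get("resources", [])
    return (bool({"", "*"} & set(groups))
            and bool({"pods/log", "*", "*/log"} & set(res))  # "pods/*" is not an RBAC wildcard
            and bool({"get", "*"} & set(rule.get("verbs", [])))
            and not rule.get("resourceNames"))

def cluster_wide_log_readers(objects):
    """Subjects bound by a ClusterRoleBinding to a ClusterRole that grants pod logs."""
    risky = {o["metadata"]["name"] for o in objects if o["kind"] == "ClusterRole"
             and any(grants_pod_logs(r) for r in o.get("rules") or [])}
    found = []
    for o in objects:
        if o["kind"] == "ClusterRoleBinding" and o["roleRef"]["name"] in risky:
            for s in o.get("subjects") or []:
                ns = s.get("namespace")
                found.append((o["metadata"]["name"], s["kind"], f"{ns}/{s['name']}" if ns else s["name"]))
    return sorted(found)

if __name__ == "__main__":
    for binding, kind, name in cluster_wide_log_readers(SAMPLE):
        print(f"{binding}: {kind} {name} can read logs of any pod")
```

On a live cluster, replace `SAMPLE` with the `items` array parsed from the `kubectl ... -o json` output named in the first comment.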