Manage ETCDSnapshotFiles (k3s.cattle.io)
Information Disclosure
Critical
Overview
| Field | Value |
|---|---|
| ID | 1065 |
| Name | Manage ETCDSnapshotFiles (k3s.cattle.io) |
| Risk Category | Information Disclosure |
| Risk Level | Critical |
| Role Type | ClusterRole |
| API Groups | k3s.cattle.io |
| Resources | etcdsnapshotfiles |
| Verbs | get, list, create, update, delete |
| Tags | BackupAccess ClusterAdminAccess CredentialAccess DataExposure Tampering |
Description
Grants access to manage ETCD snapshot files, typically in a K3s environment. ETCD snapshots contain the entire state of the Kubernetes cluster, including all secrets, configurations, and resource definitions. Access allows complete data exposure, credential harvesting, and potentially restoring a compromised state or tampering with backups.
Abuse Scenarios
- List all ETCD snapshot files.
kubectl get etcdsnapshotfiles
- Delete an ETCD snapshot file, potentially hindering recovery or causing data loss.
kubectl delete etcdsnapshotfile <snapshot-file-name>
# Example: kubectl delete etcdsnapshotfile etcd-snapshot-12345