Read events cluster-wide
Information Disclosure
Medium
Overview
| Field | Value |
|---|---|
| ID | 1070 |
| Name | Read events cluster-wide |
| Risk Category | Information Disclosure |
| Risk Level | Medium |
| Role Type | ClusterRole |
| API Groups | core, events.k8s.io |
| Resources | events |
| Risky Verb Combinations | [get, list, watch] · [list, watch] |
| Tags | InformationDisclosure OperationalData Reconnaissance |
Description
Allows reading all events across all namespaces. Events can reveal sensitive operational information, error messages, pod creation/deletion activity, image names, and other details that could aid an attacker in reconnaissance or identifying vulnerabilities.
Abuse Scenarios
- List all events across all namespaces.
kubectl get events --all-namespaces
- Watch events in real-time across all namespaces.
kubectl get events --all-namespaces --watch