Read LimitRanges (Namespace Information Disclosure)
Information Disclosure
Low
Overview
| Field | Value |
|---|---|
| ID | 1087 |
| Name | Read LimitRanges (Namespace Information Disclosure) |
| Risk Category | Information Disclosure |
| Risk Level | Low |
| Role Type | Role |
| API Groups | core |
| Resources | limitranges |
| Risky Verb Combinations | [get, list, watch] · [list, watch] |
| Tags | InformationDisclosure Reconnaissance ResourceConfiguration |
Description
Allows reading LimitRange objects within a namespace. This can reveal resource constraints for pods and containers, helping attackers understand default resource allocations and potentially tailor resource exhaustion attacks or identify tightly constrained environments.
Abuse Scenarios
- List all LimitRanges in a specific namespace.
kubectl get limitranges -n <namespace>
# Example: kubectl get limitranges -n default
- Get the YAML definition of a specific LimitRange.
kubectl get limitrange <limitrange-name> -n <namespace> -o yaml
# Example: kubectl get limitrange default-limits -n default -o yaml