Read ResourceQuotas (Namespace Information Disclosure)
Information Disclosure
Low
Overview
| Field | Value |
|---|---|
| ID | 1088 |
| Name | Read ResourceQuotas (Namespace Information Disclosure) |
| Risk Category | Information Disclosure |
| Risk Level | Low |
| Role Type | Role |
| API Groups | core |
| Resources | resourcequotas |
| Risky Verb Combinations | [get, list, watch] · [list, watch] |
| Tags | InformationDisclosure QuotaTampering Reconnaissance ResourceConfiguration |
Description
Allows reading ResourceQuota objects within a namespace. This reveals configured resource limits for the namespace, aiding attackers in understanding constraints and potentially tailoring resource exhaustion or identifying high-value namespaces.
Abuse Scenarios
- List all ResourceQuotas in a specific namespace.
kubectl get resourcequotas -n <namespace>
# Example: kubectl get resourcequotas -n production
- Get the YAML definition of a specific ResourceQuota.
kubectl get resourcequota <resourcequota-name> -n <namespace> -o yaml
# Example: kubectl get resourcequota compute-resources -n production -o yaml