Read All ResourceQuotas (Cluster-wide Information Disclosure)
Information Disclosure
Medium
Overview
| Field | Value |
|---|---|
| ID | 1089 |
| Name | Read All ResourceQuotas (Cluster-wide Information Disclosure) |
| Risk Category | Information Disclosure |
| Risk Level | Medium |
| Role Type | ClusterRole |
| API Groups | core |
| Resources | resourcequotas |
| Risky Verb Combinations | [get, list, watch] · [list, watch] |
| Tags | InformationDisclosure QuotaTampering Reconnaissance ResourceConfiguration |
Description
Allows reading ResourceQuota objects across all namespaces. This provides a comprehensive view of resource limits cluster-wide, aiding attackers in identifying broadly constrained or privileged namespaces and overall resource allocation strategies.
Abuse Scenarios
- List all ResourceQuotas across all namespaces.
kubectl get resourcequotas --all-namespaces