Read ComponentStatuses (Control Plane Reconnaissance)
Information Disclosure
Medium
Overview
| Field | Value |
|---|---|
| ID | 1095 |
| Name | Read ComponentStatuses (Control Plane Reconnaissance) |
| Risk Category | Information Disclosure |
| Risk Level | Medium |
| Role Type | ClusterRole |
| API Groups | core |
| Resources | componentstatuses |
| Risky Verb Combinations | [get] · [list] |
| Tags | ControlPlaneDisruption InformationDisclosure Reconnaissance |
Description
Allows reading ComponentStatus objects, which show the health of control plane components like etcd, kube-scheduler, and kube-controller-manager. This can reveal operational weaknesses, vulnerabilities, or misconfigurations in the cluster’s core.
Abuse Scenarios
- List the health status of core Kubernetes components.
kubectl get componentstatuses