Read CSIStorageCapacities (Namespace Storage Reconnaissance)
Information Disclosure
Low
Overview
| Field | Value |
|---|---|
| ID | 1101 |
| Name | Read CSIStorageCapacities (Namespace Storage Reconnaissance) |
| Risk Category | Information Disclosure |
| Risk Level | Low |
| Role Type | Role |
| API Groups | storage.k8s.io |
| Resources | csistoragecapacities |
| Verbs | get, list, watch |
| Tags | InformationDisclosure Reconnaissance StorageDetailsDisclosure |
Description
Allows reading CSIStorageCapacity objects, usually within a namespace. These objects provide information about the storage capacity available through CSI drivers for specific storage classes. This can help attackers understand storage limits and potentially identify underutilized or overallocated storage.
Abuse Scenarios
- List all CSIStorageCapacity objects in a specific namespace.

  ```bash
  kubectl get csistoragecapacities -n <namespace>
  # Example: kubectl get csistoragecapacities -n default
  ```

- Get the YAML definition of a specific CSIStorageCapacity.

  ```bash
  kubectl get csistoragecapacity <csistoragecapacity-name> -n <namespace> -o yaml
  # Example: kubectl get csistoragecapacity my-storage-capacity -n default -o yaml
  ```
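
To see which Roles in a cluster match this rule, the check below walks a Role list and reports every Role whose rules grant `get`, `list` or `watch` on `csistoragecapacities`, including grants made through `*` wildcards. It is an added example, not code from the rule catalog; the function names and the sample Roles are constructed for illustration, and the input is assumed to have the shape of `kubectl get roles -A -o json` output.

```python
# Values taken from the rule table above.
API_GROUP = "storage.k8s.io"
RESOURCE = "csistoragecapacities"
READ_VERBS = {"get", "list", "watch"}


def _matches(values, wanted):
    """RBAC treats "*" as matching every API group or resource."""
    return "*" in values or wanted in values


def granted_read_verbs(rule):
    """Return the read verbs one PolicyRule grants on csistoragecapacities."""
    if not _matches(rule.get("apiGroups", []), API_GROUP):
        return set()
    if not _matches(rule.get("resources", []), RESOURCE):
        return set()
    verbs = set(rule.get("verbs", []))
    return set(READ_VERBS) if "*" in verbs else verbs & READ_VERBS


def find_matching_roles(role_list):
    """Map "namespace/name" to the sorted read verbs each matching Role grants."""
    findings = {}
    for role in role_list.get("items", []):
        verbs = set()
        for rule in role.get("rules") or []:  # "rules" may be null
            verbs |= granted_read_verbs(rule)
        if verbs:
            meta = role["metadata"]
            findings[f'{meta["namespace"]}/{meta["name"]}'] = sorted(verbs)
    return findings


def _role(namespace, name, groups, resources, verbs):
    """Build one constructed Role object for the sample below."""
    rule = {"apiGroups": groups, "resources": resources, "verbs": verbs}
    return {"metadata": {"namespace": namespace, "name": name}, "rules": [rule]}


# Constructed sample data (hypothetical Role names), not from a real cluster.
SAMPLE = {"items": [
    _role("default", "capacity-reader", [API_GROUP], [RESOURCE], ["get", "list", "watch"]),
    _role("dev", "storage-admin", ["*"], ["*"], ["*"]),
    _role("dev", "list-only", [API_GROUP], [RESOURCE], ["list"]),
    _role("dev", "pod-reader", [""], ["pods"], ["get", "list"]),
    _role("dev", "capacity-writer", [API_GROUP], [RESOURCE], ["create"]),
]}

if __name__ == "__main__":
    for role, verbs in find_matching_roles(SAMPLE).items():
        print(f"{role}: {', '.join(verbs)}")
```

Roles that reach the resource only through wildcards are reported alongside explicit grants, since both give the same read access.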