Watch All Resources in a Namespace (Broad Information Disclosure)
Overview
| Field | Value |
|---|---|
| ID | 1103 |
| Name | Watch All Resources in a Namespace (Broad Information Disclosure) |
| Risk Category | Information Disclosure |
| Risk Level | High |
| Role Type | Role |
| API Groups | * |
| Resources | * |
| Risky Verb Combinations | [watch] |
| Tags | DataExposure InformationDisclosure Reconnaissance |
Description
Allows using the 'watch' verb on all resources ('*') within a specific namespace. This provides an attacker with a real-time stream of all changes occurring to any resource in that namespace, offering extensive intelligence for further exploitation, understanding application behavior, or identifying sensitive data flows.
Abuse Scenarios
- Watch all resource changes in a specific namespace in real-time.
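```bash
# `all` is a kubectl category alias for common workload types, not every resource type.
kubectl get all -n <namespace> --watch
# Example: kubectl get all -n default --watch
```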
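To find Roles that match this rule during an RBAC audit, the following added example (not part of the original rule page) scans Role objects in the JSON shape produced by `kubectl get roles -A -o json`. It goes slightly beyond the table above by also flagging the wildcard verb `*`, which includes `watch`; the sample data, role names and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get roles -A -o json` output.
SAMPLE_ROLES = json.loads("""
{"items": [
  {"kind": "Role", "metadata": {"name": "ns-observer", "namespace": "default"},
   "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["watch"]}]},
  {"kind": "Role", "metadata": {"name": "ns-admin", "namespace": "staging"},
   "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
  {"kind": "Role", "metadata": {"name": "pod-watcher", "namespace": "default"},
   "rules": [{"apiGroups": [""], "resources": ["pods"],
              "verbs": ["get", "list", "watch"]}]},
  {"kind": "Role", "metadata": {"name": "named-only", "namespace": "default"},
   "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["watch"],
              "resourceNames": ["app-config"]}]}
]}
""")


def rule_allows_broad_watch(rule):
    """True when one RBAC rule grants watch on every API group and resource."""
    # Assumption: a rule restricted by resourceNames is treated as narrowed,
    # because it only covers the named objects rather than the whole namespace.
    if rule.get("resourceNames"):
        return False
    return ("*" in rule.get("apiGroups", [])
            and "*" in rule.get("resources", [])
            and any(verb in ("watch", "*") for verb in rule.get("verbs", [])))


def find_broad_watch_roles(role_list):
    """Return (namespace, role name, rule index) for every matching Role rule."""
    findings = []
    for role in role_list.get("items", []):
        if role.get("kind") != "Role":  # this rule targets namespaced Roles only
            continue
        for index, rule in enumerate(role.get("rules") or []):
            if rule_allows_broad_watch(rule):
                meta = role["metadata"]
                findings.append((meta["namespace"], meta["name"], index))
    return findings


if __name__ == "__main__":
    for namespace, name, index in find_broad_watch_roles(SAMPLE_ROLES):
        print(f"namespace={namespace} role={name} rule#{index}: watch on all resources")
```

Each finding should be followed up by checking which RoleBindings in that namespace reference the Role, since the exposure depends on who is bound to it.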