Tags

InformationDisclosure [90] DataExposure [82] ConfigMapAccess [74] Tampering [79] PotentialPrivilegeEscalation [78] CredentialAccess [74] SecretAccess [72] Reconnaissance [74] ClusterWideSecretAccess [62] DenialOfService [66] Persistence [63] ClusterStructure [55] PrivilegeEscalation [63] WorkloadLifecycle [50] RBACQuery [51] ControlPlaneDisruption [44] NetworkManipulation [44] LateralMovement [42] WildcardPermission [38] ServiceExposure [42] ResourceConfiguration [29] WorkloadExecution [41] QuotaTampering [28] CriticalNamespace [42] OperationalData [36] WebhookReconnaissance [27] ClusterWideAccess [35] IdentityManagement [33] NodeAccess [34] ResourceNameRestricted [38] BindingToPrivilegedRole [27] RBACManipulation [27] ClusterAdminAccess [25] TrafficRedirection [16] LogAccess [26] CodeExecution [20] PodExec [20] AvailabilityImpact [20] ManInTheMiddle [15] Spoofing [13] Impersonation [12] ClusterWidePodExec [16] ElevationOfPrivilege [16] ResourceDeletion [17] ClusterWideLogAccess [20] NamespaceLifecycle [15] LeaderElectionAbuse [17] NetworkPolicyManagement [11] StorageDetailsDisclosure [15] PodPortForward [9] WebhookManipulation [13] CRDManipulation [13] PodAttach [8] NamespaceAdmin [8] DataLoss [10] ResourceModification [8] StorageManipulation [9] ClusterWidePodPortForward [7] APIServiceManipulation [5] ControllerRevisionTampering [6] SelfPermissionReviewQuery [6] TokenCreation [6] CertificateManagement [6] ClusterWidePodAttach [6] NodeManipulation [6] SchedulingAbuse [6] CSRCreation [6] CSRApproval [5] APIServerDoS [4] BackupAccess [4] NamespaceWideAccess [6] DeprecatedFeature [6] PodSecurityPolicy [6] WorkloadDeployment [3]