Tags

InformationDisclosure [113] DataExposure [101] ConfigMapAccess [92] Reconnaissance [96] CredentialAccess [94] SecretAccess [91] Tampering [92] ClusterStructure [77] PotentialPrivilegeEscalation [91] ClusterWideSecretAccess [78] LateralMovement [75] Persistence [75] PrivilegeEscalation [81] NodeAccess [68] CodeExecution [54] DenialOfService [81] ClusterAdminAccess [61] ElevationOfPrivilege [51] ResourceConfiguration [40] WildcardPermission [63] QuotaTampering [39] WorkloadLifecycle [59] AuthorizationBypass [44] NetworkManipulation [59] RBACQuery [63] WebhookReconnaissance [46] ResourceNameRestricted [64] ServiceExposure [56] OperationalData [52] WorkloadExecution [53] ClusterWideAccess [57] ControlPlaneDisruption [55] LogAccess [36] TrafficRedirection [31] PodExec [27] IdentityManagement [38] CriticalNamespace [49] BindingToPrivilegedRole [34] ManInTheMiddle [24] RBACManipulation [34] AvailabilityImpact [26] PodPortForward [14] PodAttach [11] DeprecatedFeature [25] PodSecurityPolicy [25] ClusterWideLogAccess [25] ClusterWidePodExec [21] StorageDetailsDisclosure [23] Spoofing [22] ResourceDeletion [25] LeaderElectionAbuse [20] NamespaceLifecycle [22] NetworkPolicyManagement [16] Impersonation [18] NamespaceAdmin [19] WebhookManipulation [17] CRDManipulation [21] ClusterWidePodPortForward [10] DataLoss [12] ResourceModification [11] CertificateManagement [9] CSRCreation [10] SelfPermissionReviewQuery [9] ControllerRevisionTampering [8] TokenCreation [8] APIServiceManipulation [7] StorageManipulation [11] ClusterWidePodAttach [7] NodeManipulation [8] SchedulingAbuse [8] CSRApproval [7] APIServerDoS [5] BackupAccess [5] NamespaceWideAccess [15] WorkloadDeployment [6]