Controller of pods that has a wildcard (""*"") in its role verbs or resources

Lateral movement

Controller of pods that has a wildcard (“”*””) in its role verbs or resources

Platform(s)

Compliance Frameworks

AKS CIS
Brazilian General Data Protection (LGPD)
CCPA
CPRA
EKS CIS
essential_8_au
GDPR
GKE CIS
iso_27001_2022
iso_27002_2022
K8s CIS
K8s OWASP Top 10
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
pipeda
UK Cyber Essentials

Description

Controllers are responsible for pods state using a declaration of pod definition. Pods utilize a service account associated with them to communicate with the Kubernetes API, and that service account is mounted by default to any newly created containers. Orca has detected that the Controller {K8sController} creates pods with a service account with either the ""Verb"" or the ""resource"" sections are using a wildcard (""*"") in their role definition. An attacker with access to the pod's container can extract the service account token and impersonate to it in order to gather information about the cluster and potentially gain higher privileges using the service account token.

Controller of pods that has a wildcard (“”*””) in its role verbs or resources

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS