can-i gtfo?

Kubernetes RBAC Abuse Collection

View on GitHub

patch pods/status

Verb: patch

Resource: pods/status

Description: Modify the status of pods

Abuses

Information Disclosure

Match a pod's label with another pod's label to receive network traffic intended for that pod.

Lateral Movement

Modify a pod's scheduling constraints, such as nodeAffinity and nodeSelectors, so that it will be scheduled on an attacker-controlled node.

← Back to overview