services / Google Cloud / Kubernetes Engine Clusters

Manages Kubernetes clusters on Google Kubernetes Engine

One independent instance of a Kubernetes cluster, consisting of a node pool and the Kubernetes objects (such as deployments, statefulsets, pods, and jobs) that represent the workloads and configuration running on the cluster, managed by Kubernetes.


container.clusters.get

Retrieves cluster information, including the public and private endpoint IP addresses and the cluster certificate. This information allows configuring Kubernetes API access to the cluster, similar to the `container.clusters.getCredentials` permission.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.

Contributed by P0 Security

© 2023–present P0 Security and contributors to the IAM Privilege Catalog