Kubernetes Engine DaemonSets

Control Kubernetes DaemonSets objects in a given cluster.

DaemonSets manage pods, similar to ReplicaSets and StatefulSets. A DaemonSet ensures that the desired number of pods runs on each node. If DaemonSet pods are allowed to reach the public internet, an attacker who can control the DaemonSet may be able to achieve arbitrary code execution. See notes on `container/deployments` for mitigations.


container.daemonSets.update

An update may let an attacker change the container image that runs inside the DaemonSet's pods. If the cluster has access to the public internet, this may allow arbitrary code execution. The code executes with the pods' service account privileges, which may grant permissions to other GCP services. Since a DaemonSet runs a pod on multiple nodes, DaemonSets are especially useful to an attacker aiming for a complete cluster takeover. Secondly, the attacker-controlled DaemonSet pods consume the limited resources available to other Kubernetes workloads.
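One defensive check for the abuse described above is to review DaemonSet writes in the API-server audit log and flag any pod template that pulls an image from outside an approved registry. The following is an added example, not code from the catalog or from P0 Security; it assumes native Kubernetes audit events in JSON lines (GKE exports these wrapped in Cloud Audit Logs, so field paths would need mapping there) and a registry allowlist of my own choosing. The audit lines are constructed.

```python
import json

# Constructed Kubernetes API-server audit events (RequestResponse level); not real logs.
SAMPLE_AUDIT_LOG = r'''
{"kind":"Event","verb":"update","user":{"username":"ci-deployer@example.iam.gserviceaccount.com"},"objectRef":{"resource":"daemonsets","namespace":"kube-system","name":"node-agent"},"requestObject":{"spec":{"template":{"spec":{"containers":[{"name":"agent","image":"gcr.io/example-project/node-agent:1.4.2"}]}}}}}
{"kind":"Event","verb":"patch","user":{"username":"compromised-sa@example.iam.gserviceaccount.com"},"objectRef":{"resource":"daemonsets","namespace":"kube-system","name":"node-agent"},"requestObject":{"spec":{"template":{"spec":{"containers":[{"name":"agent","image":"docker.io/unknownuser/node-agent:latest"}]}}}}}
{"kind":"Event","verb":"update","user":{"username":"ci-deployer@example.iam.gserviceaccount.com"},"objectRef":{"resource":"deployments","namespace":"default","name":"web"},"requestObject":{"spec":{"template":{"spec":{"containers":[{"name":"web","image":"docker.io/library/nginx:1.25"}]}}}}}
'''

# Assumed policy: only images from the organisation's own registries may run as DaemonSets.
ALLOWED_REGISTRIES = ("gcr.io/example-project/", "us-docker.pkg.dev/example-project/")


def template_images(obj):
    """Return container images named in a pod template, whether obj is a full
    object (verb=update) or a JSON merge patch body (verb=patch)."""
    spec = obj.get("spec", {}).get("template", {}).get("spec", {})
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    return [c["image"] for c in containers if isinstance(c, dict) and "image" in c]


def flag_daemonset_image_changes(audit_log, allowed=ALLOWED_REGISTRIES):
    """Flag DaemonSet create/update/patch requests whose pod template references
    an image outside the allowed registries. Other resources are ignored."""
    findings = []
    for line in audit_log.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ref = ev.get("objectRef", {})
        if ref.get("resource") != "daemonsets" or ev.get("verb") not in ("create", "update", "patch"):
            continue
        for image in template_images(ev.get("requestObject", {})):
            if not image.startswith(allowed):
                findings.append({
                    "principal": ev.get("user", {}).get("username"),
                    "daemonset": f"{ref.get('namespace')}/{ref.get('name')}",
                    "verb": ev["verb"],
                    "image": image,
                })
    return findings


if __name__ == "__main__":
    for finding in flag_daemonset_image_changes(SAMPLE_AUDIT_LOG):
        print(finding)
```

Only the patch that swaps the kube-system node-agent image for one on docker.io is reported; the Deployment update is out of scope for this privilege and is skipped.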

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or lead to significant privilege escalation if exploited.

Contributed by P0 Security

© 2023–present P0 Security and contributors to the IAM Privilege Catalog