services / Google Cloud / Kubernetes Jobs

A Kubernetes Job is a type of controller that runs one or more Pods until they successfully complete, by retrying (restarting) the Pods if necessary. The Pod and its resources are released when the Job completes. Jobs are typically used for batch processes, report generation or maintenance tasks.

The security implications of Jobs are similar to other controllers, like Deployments. Jobs ultimately lead to running a container image, and may allow arbitrary code execution in the cluster. That code runs with the service-account privileges that the Pod runs with, thus may lead to privilege escalation. Creating Jobs drains the limited resources available to other Kubernetes workloads. Attaching Persistent Volumes to a Job may expose the data on that volume to attackers.

container.​jobs.​update

An update may suspend the job which prevents the controller from creating Pods, effectively disabling the Job. An update may also let an attacker change the container image that is running inside pods, potentially leading to a arbitrary code execution. Secondly, increasing the parallelism in Jobs or the amount of resources dedicated to Pods drains the limited resources available to other Kubernetes workloads. Also, persistent volumes may be attached to the Pods, which may provide access to sensitive data.

Risks

1. Data exfiltration (CRITICAL)
2. Infrastructure destruction (HIGH)
3. Lateral movement (BOOST)
4. Network movement (BOOST)
5. Resource hijacking (MEDIUM)
6. Spend (MEDIUM)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links