services / Google Cloud / Kubernetes Engine Pods

A Kubernetes Pod is a logical host that encapsulates one or more Containers. It is the smallest and most basic unit of deployment. Containers in the same Pod can communicate with each other via localhost. Pod lifecycle is typically managed by a higher-level controller, such as a Deployment, StatefulSet, or DaemonSet.

The risks associated with Pods are similar to those of Deployments, StatefulSets, and DaemonSets. Pods consume CPU, memory, and network resources of the cluster, so they are susceptible to resource-exhaustion attacks. Containers inside Pods run a specific image, which can lead to arbitrary code execution in the cluster if an attacker is able to run an image of their choosing. Pods also need access to other resources within the cluster and outside it, often using other services of the cloud provider. To do so, Pods hold service account credentials, which, if leaked, allow an attacker to move laterally by authenticating as the service account.


container.pods.exec

The exec operation is similar to the `attach` operation, but instead of attaching to an existing process inside the container, it launches a new process from a supplied command and attaches to it. Most often this command opens a shell, dropping an attacker into a terminal inside the container. The risks that arise are container- and application-specific. However, processes run inside the container are authenticated as the Pod's service account, leading to privilege escalation and potentially lateral movement into other cloud services.
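From the defender's side, the operation above is visible in the Kubernetes API server audit log as a `create` on the `pods/exec` subresource. The following is an added example, not code from the catalog: a small Python detector over constructed audit events (not real logs) that surfaces who exec'd into which Pod, the command and whether a TTY was requested, and whether the request was denied.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample Kubernetes audit events (one JSON object per line); not real logs.
SAMPLE_AUDIT_LOG = """\
{"kind":"Event","stage":"RequestReceived","verb":"create","user":{"username":"dev@example.com"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"payments","name":"api-7d9f"},"requestURI":"/api/v1/namespaces/payments/pods/api-7d9f/exec?command=%2Fbin%2Fsh&stdin=true&tty=true"}
{"kind":"Event","stage":"ResponseComplete","verb":"create","user":{"username":"dev@example.com"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"payments","name":"api-7d9f"},"requestURI":"/api/v1/namespaces/payments/pods/api-7d9f/exec?command=%2Fbin%2Fsh&stdin=true&tty=true","responseStatus":{"code":101}}
{"kind":"Event","stage":"ResponseComplete","verb":"get","user":{"username":"dev@example.com"},"objectRef":{"resource":"pods","namespace":"payments","name":"api-7d9f"},"responseStatus":{"code":200}}
{"kind":"Event","stage":"ResponseComplete","verb":"create","user":{"username":"system:serviceaccount:ci:runner"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"build","name":"job-1"},"requestURI":"/api/v1/namespaces/build/pods/job-1/exec?command=cat&command=%2Fetc%2Fhostname&container=main","responseStatus":{"code":101}}
{"kind":"Event","stage":"ResponseComplete","verb":"create","user":{"username":"intern@example.com"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"payments","name":"api-7d9f"},"requestURI":"/api/v1/namespaces/payments/pods/api-7d9f/exec?command=%2Fbin%2Fsh&tty=true","responseStatus":{"code":403}}
"""


def find_exec_events(log_text: str) -> list[dict]:
    """Return one record per completed pods/exec request, allowed or denied."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        # RequestReceived and ResponseComplete describe the same request; keep the one
        # that carries the response code so each exec is counted once.
        if ev.get("stage") != "ResponseComplete":
            continue
        ref = ev.get("objectRef", {})
        if not (ev.get("verb") == "create"
                and ref.get("resource") == "pods"
                and ref.get("subresource") == "exec"):
            continue
        # The command and session options travel in the request URI query string.
        query = parse_qs(urlsplit(ev.get("requestURI", "")).query)
        code = ev.get("responseStatus", {}).get("code")
        findings.append({
            "user": ev.get("user", {}).get("username"),
            "namespace": ref.get("namespace"),
            "pod": ref.get("name"),
            "container": query.get("container", [None])[0],
            "command": query.get("command", []),  # one command= parameter per argv element
            "interactive": query.get("tty", ["false"])[0] == "true",
            "allowed": code is not None and code < 400,  # 101 = upgraded session; 403 = denied
        })
    return findings


if __name__ == "__main__":
    for f in find_exec_events(SAMPLE_AUDIT_LOG):
        print(f)
```

Interactive shells (`tty=true`) and denied attempts from principals who should not hold `container.pods.exec` are the records worth alerting on.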

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Contributed by P0 Security

© 2023–present P0 Security and contributors to the IAM Privilege Catalog