services / Google Cloud / Kubernetes Engine StatefulSets

Control Kubernetes StatefulSets objects in a given cluster.

StatefulSets manage Pods, with different guarantees but similar to Deployments, ReplicaSets, and DaemonSets. As such, the primary security concerns are the container images that are running on these Pods, and the resources the Pods consume from the Kubernetes cluster.

container.​statefulSets.​update

An update may set the replica count to 0 which effectively deletes the application. An update may also let an attacker change the container image that is running inside pods, potentially leading to a complete takeover of the Kubernetes cluster. Secondly, increasing the replica count in StatefulSets may cause disruption to stateful services, depending on the behavior of the stateful service in a scaling event. Scaling may drain the limited resources available to other Kubernetes workloads. Also, persistent volumes may be attached to the Pods, which may provide access to sensitive data.

Risks

1. Data exfiltration (CRITICAL)
2. Infrastructure destruction (HIGH)
3. Network destruction (HIGH)
4. Lateral movement (BOOST)
5. Network movement (BOOST)
6. Resource hijacking (MEDIUM)
7. Spend (MEDIUM)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.