services / Kubernetes / Deployments
Control Kubernetes Deployment objects.
Deployments are declarative updates to Kubernetes Pods and ReplicaSets. They provide an abstraction layer that allows services to discover and connect to pods running within a Deployment. Applications can scale, load balance, and seamlessly handle changes in the underlying pod instances. Access to Deployments is sensitive because they are a primary interface for controlling applications running on Kubernetes. A Deployment specifies the container image to run, and may lead to arbitrary code execution in the cluster. A good mitigation strategy is to make Kubernetes clusters private, which effectively disables pulling images over the internet. Secondly, creating or updating the replica count of Deployments drains the limited resources available to other Kubernetes workloads.
apps/deployments.update
An update may set the replica count to 0 which effectively deletes the application. An update may also let an attacker change the container image that is running inside pods, potentially leading to a complete takeover of the Kubernetes cluster. Secondly, increasing the replica count in Deployments drains the limited resources available to other Kubernetes workloads. Also, persistent volumes may be attached to the Pods, which may provide access to sensitive data.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security