Cluster-wide pod exec

Overview

Field	Value
ID	1000
Name	Cluster-wide pod exec
Risk Category	Elevation of Privilege
Risk Level	Critical
Role Type	ClusterRole
API Groups	core
Resources	pods/exec
Verbs	create
Tags	ClusterWidePodExec CodeExecution ElevationOfPrivilege LateralMovement

Description

Allows executing commands within any pod across the entire cluster. This provides direct shell access to running containers, enabling code execution, lateral movement, and potential privilege escalation by compromising sensitive workloads or accessing node resources.