Cluster-wide pod port-forward
Information Disclosure
High
Overview
| Field | Value |
|---|---|
| ID | 1004 |
| Name | Cluster-wide pod port-forward |
| Risk Category | Information Disclosure |
| Risk Level | High |
| Role Type | ClusterRole |
| API Groups | core |
| Resources | pods/portforward |
| Verbs | create |
| Tags | ClusterWidePodPortForward LateralMovement NetworkManipulation |
Description
Grants the ability to forward local ports to ports on any pod across the cluster. This can expose internal services, facilitate lateral movement by bypassing network policies, and lead to information disclosure from otherwise inaccessible applications.