Create pods in a namespace
Elevation of Privilege
High
Overview
| Field | Value |
|---|---|
| ID | 1007 |
| Name | Create pods in a namespace |
| Risk Category | Elevation of Privilege |
| Risk Level | High |
| Role Type | Role |
| API Groups | core |
| Resources | pods |
| Verbs | create |
| Tags | LateralMovement Persistence PotentialPrivilegeEscalation WorkloadExecution |
Description
Grants permission to create new pods within a specific namespace. This can lead to privilege escalation if allowed to create pods with hostPath mounts, privileged security context, or access to sensitive service accounts within that namespace. It also enables workload execution and potential persistence.