Read secrets in a namespace
Information Disclosure
Critical
Overview
| Field | Value |
|---|---|
| ID | 1011 |
| Name | Read secrets in a namespace |
| Risk Category | Information Disclosure |
| Risk Level | Critical |
| Role Type | Role |
| API Groups | core |
| Resources | secrets |
| Verbs | get, list, watch |
| Tags | CredentialAccess DataExposure InformationDisclosure SecretAccess |
Description
Permits reading all secrets within a specific namespace. Even though namespaced, this is critical as secrets store sensitive information like database credentials, API keys, and service account tokens, which can lead to data exposure and privilege escalation within or beyond the namespace.