Aqua Blog

Kubernetes RBAC

First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters

We have recently discovered the first-ever evidence that attackers are exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) in the wild to create backdoors. The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack. Our research suggests that this campaign is …

Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing

Following on from our previous post on the risks of privilege escalation in Kubernetes via the node/proxy resource, we’re going to take a look at how users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster. In addition to …

Privilege Escalation from Node/Proxy Rights in Kubernetes RBAC

One of the side effects of Kubernetes’ rich API and extensive functionality is that sometimes there are security implications to granting users permissions. Security architects should be aware of these side effects when designing platforms that use Kubernetes. In recent research with Iain Smart of NCC Group, we looked …

RBAC Virtual Verbs: Teaching Kubernetes to Educate Dolphins

Kubernetes’ role-based access control (RBAC) system is a cornerstone of cluster security. Most clusters use RBAC to determine which users have access to specific operations, and its core elements are well covered in the Kubernetes documentation. However, there are some less well-known features that could be relevant …

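The escalation paths the three posts above describe (rights on node/proxy, the ability to both create and approve certificate signing requests, and the virtual verbs bind, escalate and impersonate) all come down to one practical question: which roles in the cluster grant them? The audit script below is an added example, not code from the Aqua posts or from NCC Group. It evaluates a Role or ClusterRole's `rules` list with RBAC's matching semantics (an empty apiGroup is the core group, "*" is a wildcard, resourceNames restrict a rule to named objects), and it assumes the CSR path needs all three grants on one subject: create on certificatesigningrequests, update on certificatesigningrequests/approval, and approve on the kubernetes.io/kube-apiserver-client signer. The sample roles embedded at the bottom are constructed for this script, not taken from a real cluster.

```python
"""Flag (Cluster)Role rules that grant known Kubernetes RBAC escalation paths.

Added example (not from the Aqua posts). Checks a role's `rules` for
nodes/proxy access, the CSR create+approve chain, and the virtual verbs
bind, escalate and impersonate. SAMPLE_ROLES below are constructed.
"""
import json
import sys
from typing import Dict, List

Rule = Dict[str, List[str]]

# Finding key -> what the grant lets a subject do.
FINDINGS = {
    "nodes/proxy": "get/create on nodes/proxy: kubelet API reachable through the API server",
    "csr-approve": "create CSR + update csr/approval + approve signer: can mint a client cert for any user/group",
    "impersonate": "virtual verb impersonate: act as another user, group or service account",
    "bind": "virtual verb bind: bind roles the subject does not itself hold",
    "escalate": "virtual verb escalate: write roles with permissions the subject lacks",
}

# (finding, apiGroup, resource, verb, resourceName): any single match is a finding.
CHECKS = [
    ("nodes/proxy", "", "nodes/proxy", "get", ""),
    ("nodes/proxy", "", "nodes/proxy", "create", ""),
    ("impersonate", "", "users", "impersonate", ""),
    ("impersonate", "", "groups", "impersonate", ""),
    ("impersonate", "", "serviceaccounts", "impersonate", ""),
    ("bind", "rbac.authorization.k8s.io", "rolebindings", "bind", ""),
    ("bind", "rbac.authorization.k8s.io", "clusterrolebindings", "bind", ""),
    ("escalate", "rbac.authorization.k8s.io", "roles", "escalate", ""),
    ("escalate", "rbac.authorization.k8s.io", "clusterroles", "escalate", ""),
]

# The CSR path only works when all three grants are held together.
CSR_CHAIN = [
    ("certificates.k8s.io", "certificatesigningrequests", "create", ""),
    ("certificates.k8s.io", "certificatesigningrequests/approval", "update", ""),
    ("certificates.k8s.io", "signers", "approve", "kubernetes.io/kube-apiserver-client"),
]


def _listed(values: List[str], wanted: str) -> bool:
    """A rule field matches on an exact entry or on the wildcard '*'."""
    return wanted in values or "*" in values


def _name_ok(rule: Rule, name: str) -> bool:
    """resourceNames narrow a rule; signer grants may use a domain wildcard ("kubernetes.io/*")."""
    names = rule.get("resourceNames")
    if not name or not names:
        return True
    return any(p == name or (p.endswith("/*") and name.startswith(p[:-1])) for p in names)


def rule_allows(rule: Rule, group: str, resource: str, verb: str, name: str = "") -> bool:
    """Does one rule grant `verb` on `group/resource` (optionally on a named object)?"""
    return (_listed(rule.get("apiGroups", []), group)
            and _listed(rule.get("resources", []), resource)
            and _listed(rule.get("verbs", []), verb)
            and _name_ok(rule, name))


def find_escalations(rules: List[Rule]) -> List[str]:
    """Return the FINDINGS keys a role's rules trigger, in FINDINGS order."""
    def allows(group: str, resource: str, verb: str, name: str = "") -> bool:
        return any(rule_allows(r, group, resource, verb, name) for r in rules)

    hits = {f for f, g, res, v, n in CHECKS if allows(g, res, v, n)}
    if all(allows(*step) for step in CSR_CHAIN):
        hits.add("csr-approve")
    return [f for f in FINDINGS if f in hits]


def audit(roles: Dict[str, List[Rule]]) -> Dict[str, List[str]]:
    """Map role name -> findings, keeping only roles that have at least one."""
    result = {}
    for name, rules in roles.items():
        found = find_escalations(rules)
        if found:
            result[name] = found
    return result


def load_kubectl_json(path: str) -> Dict[str, List[Rule]]:
    """Read the output of `kubectl get clusterroles -o json` (or roles) into name -> rules."""
    with open(path) as fh:
        items = json.load(fh)["items"]
    return {i["metadata"]["name"]: i.get("rules") or [] for i in items}


SAMPLE_ROLES: Dict[str, List[Rule]] = {  # constructed for this example
    "node-reader": [{"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list"]}],
    "node-debug": [{"apiGroups": [""], "resources": ["nodes", "nodes/proxy"], "verbs": ["get"]}],
    "csr-requester": [{"apiGroups": ["certificates.k8s.io"], "resources": ["certificatesigningrequests"],
                       "verbs": ["create", "get"]}],
    "csr-self-approver": [
        {"apiGroups": ["certificates.k8s.io"], "resources": ["certificatesigningrequests"], "verbs": ["create", "get"]},
        {"apiGroups": ["certificates.k8s.io"], "resources": ["certificatesigningrequests/approval"], "verbs": ["update"]},
        {"apiGroups": ["certificates.k8s.io"], "resources": ["signers"], "verbs": ["approve"],
         "resourceNames": ["kubernetes.io/*"]},
    ],
    "support-impersonator": [{"apiGroups": [""], "resources": ["users", "groups"], "verbs": ["impersonate"]}],
    "wildcard-admin": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}

if __name__ == "__main__":
    roles = load_kubectl_json(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ROLES
    for role, found in audit(roles).items():
        print(role)
        for key in found:
            print(f"  - {FINDINGS[key]}")
```

Run it with no arguments to see the constructed sample, or pass a file produced by `kubectl get clusterroles -o json`. The script judges one role at a time, so a clean result is not proof that the CSR chain is absent: a subject bound to several roles may hold the create, approval and signer grants from different ones, and a real audit has to aggregate the rules of every RoleBinding and ClusterRoleBinding the subject matches before drawing that conclusion.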