Aqua Blog

Role Based Access Control RBAC

Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing

Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing

Following on from our previous post on the risks of privilege escalation in Kubernetes via the node/proxy resource, we’re going to take a look at how users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster. In addition to …

Continue reading ›
rivilege Escalation from Node/Proxy Rights in Kubernetes RBAC

Privilege Escalation from Node/Proxy Rights in Kubernetes RBAC

One of the side effects of Kubernetes’ rich API and extensive functionality is that sometimes there are security implications to granting users permissions. Security architects should be aware of these side effects when designing platforms that use Kubernetes. In recent research with Iain Smart of NCC Group, we looked …

Continue reading ›
RBAC Virtual Verbs: Teaching Kubernetes to Educate Dolphins

RBAC Virtual Verbs: Teaching Kubernetes to Educate Dolphins

Kubernetes’ role-based access control (RBAC) system is a cornerstone of cluster security. Most clusters use RBAC to determine which users have access to specific operations, and its core elements are well covered in the Kubernetes documentation. However, there are some less well-known features that could be relevant …

Continue reading ›

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...