Seemingly Read-Only Kubernetes Permission Allows RCE
A specific Kubernetes RBAC permission, 'nodes/proxy,' which appears to be read-only, can reportedly be exploited for remote code execution. This vulnerability highlights how seemingly harmless permissions in complex cloud-native systems can create significant security risks. The discovery underscores the importance of rigorous threat modeling for all permission changes.
- The exploit was detailed by security researcher Graham Helton and allows a principal with only `nodes/proxy` GET permissions to execute commands in any pod on a reachable node. This is achieved by leveraging the Kubelet API, which authorizes WebSocket `exec` sessions based on the initial GET request of the handshake.
- The Kubernetes Security Team has classified this behavior as "working as intended" and will not be issuing a CVE. Their stance is that `nodes/proxy` has always been a privileged permission, effectively granting broad access to the Kubelet API.
- This permission is commonly granted to in-cluster monitoring and observability tools, such as Prometheus, Datadog, and Grafana, to collect metrics, stats, and logs. A search revealed at least 69 different Helm charts that configure these `nodes/proxy` GET permissions.
- Attackers can use this permission to enumerate all pods on a node via the Kubelet's `/pods` endpoint and then initiate an `exec` session to run arbitrary commands. This can lead to stealing service account tokens, accessing secrets, and potentially achieving a full cluster compromise.
- Actions executed directly against the Kubelet API through this method may bypass standard Kubernetes audit logging, which primarily tracks API server requests. This makes detection of malicious activity more difficult for security teams relying on audit logs.
- The long-term fix is a Kubernetes Enhancement Proposal, KEP-2862 ("Fine-Grained Kubelet API Authorization"), which is expected to become generally available in a future version of Kubernetes. In the meantime, mitigation involves auditing RBAC policies to restrict `nodes/proxy` permissions and using network policies to limit access to the Kubelet port (10250).
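The RBAC audit recommended as the interim mitigation can be scripted. The following is an added example written for this summary; it is not code from the original article, from the cited researcher, or from the Kubernetes project. It assumes the input is the JSON that `kubectl get clusterroles,roles,clusterrolebindings,rolebindings -o json` produces (an object whose `items` list holds the RBAC objects), and the sample objects embedded below are constructed to exercise the matching rules. It goes slightly beyond the text by also honouring the RBAC wildcard forms (`*` and `*/proxy`) that grant the same access without naming `nodes/proxy` literally, and by resolving ClusterRoleBindings to the subjects that actually hold the permission.

```python
"""Audit Kubernetes RBAC JSON for grants of GET on nodes/proxy.

Added example; not the article's or the Kubernetes project's own code.
Assumed input: the JSON from
    kubectl get clusterroles,roles,clusterrolebindings,rolebindings -o json
i.e. an object with an "items" list. SAMPLE_ITEMS below is constructed.
"""
import json

CORE_GROUPS = {"", "*"}          # Node objects live in the core ("") API group
TARGET_RESOURCE = "nodes/proxy"
TARGET_VERB = "get"


def rule_grants_nodes_proxy_get(rule):
    """Return True if one PolicyRule grants GET on nodes/proxy.

    Handles the wildcard forms Kubernetes RBAC accepts: '*' (any resource),
    the literal 'nodes/proxy', and '*/proxy' (the proxy subresource of any
    resource). Verbs match on 'get' or '*'.
    """
    if not set(rule.get("apiGroups", [])) & CORE_GROUPS:
        return False
    if not set(rule.get("verbs", [])) & {TARGET_VERB, "*"}:
        return False
    return bool(set(rule.get("resources", [])) & {"*", TARGET_RESOURCE, "*/proxy"})


def find_granting_roles(items):
    """Return a set of (kind, namespace, name) for Roles/ClusterRoles that grant it."""
    found = set()
    for obj in items:
        if obj.get("kind") not in ("Role", "ClusterRole"):
            continue
        if any(rule_grants_nodes_proxy_get(r) for r in obj.get("rules", [])):
            meta = obj["metadata"]
            found.add((obj["kind"], meta.get("namespace", ""), meta["name"]))
    return found


def find_subjects(items, granting_roles):
    """Resolve ClusterRoleBindings to the subjects holding nodes/proxy GET.

    Only ClusterRoleBindings are resolved: nodes are cluster-scoped, so a
    namespaced RoleBinding cannot confer nodes/proxy even when it references
    such a ClusterRole. Returns sorted (subject_kind, namespace, name, binding).
    """
    cluster_roles = {name for kind, _, name in granting_roles if kind == "ClusterRole"}
    subjects = set()
    for obj in items:
        if obj.get("kind") != "ClusterRoleBinding":
            continue
        ref = obj.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in cluster_roles:
            continue
        for s in obj.get("subjects", []):
            subjects.add((s.get("kind"), s.get("namespace", ""), s.get("name"),
                          obj["metadata"]["name"]))
    return sorted(subjects)


def audit(kubectl_json_text):
    """Parse kubectl JSON output and return the granting roles and bound subjects."""
    items = json.loads(kubectl_json_text).get("items", [])
    roles = find_granting_roles(items)
    return {"roles": roles, "subjects": find_subjects(items, roles)}


# Constructed sample: one typical monitoring ClusterRole, one admin-style
# wildcard role, one harmless viewer, a namespaced Role, and a binding.
SAMPLE_ITEMS = [
    {"kind": "ClusterRole", "metadata": {"name": "monitoring-reader"},
     "rules": [{"apiGroups": [""], "resources": ["nodes", "nodes/proxy", "pods"],
                "verbs": ["get", "list", "watch"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "wildcard-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "pod-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "ns-proxy", "namespace": "default"},
     "rules": [{"apiGroups": [""], "resources": ["*/proxy"], "verbs": ["get"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "monitoring-reader-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "monitoring-reader"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "monitoring", "name": "prometheus"}]},
]
SAMPLE_JSON = json.dumps({"items": SAMPLE_ITEMS})

if __name__ == "__main__":
    result = audit(SAMPLE_JSON)
    for kind, ns, name in sorted(result["roles"]):
        print(f"GRANTS nodes/proxy GET: {kind} {ns + '/' if ns else ''}{name}")
    for skind, ns, name, binding in result["subjects"]:
        print(f"HOLDER: {skind} {ns}/{name} via ClusterRoleBinding {binding}")
```

Run it against a live cluster by piping the `kubectl get ... -o json` output into `audit()`. Every holder it lists can reach the Kubelet API described above, so each should be checked against whether the tool really needs `nodes/proxy` (many exporters can use `nodes/metrics` or `nodes/stats` instead) and whether the Kubelet port is additionally fenced off by a network policy, since requests that go straight to the Kubelet leave no API server audit record.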