Kubernetes Exposed: Exploiting the Kubelet API

Security research demonstrates how attackers can exploit misconfigured Kubelet APIs to gain unauthorized access to Kubernetes clusters. The Kubelet is a critical component of Kubernetes that runs on each node, and misconfigurations can expose entire clusters to compromise.

This research reveals common misconfigurations that expose the Kubelet API, and demonstrates attack techniques that can be used to exploit these misconfigurations for unauthorized access and privilege escalation.

Exploitation Techniques

• Unauthenticated access to Kubelet API
• Container execution through exposed endpoints
• Privilege escalation to cluster-admin
• Lateral movement within the cluster