Service account tokens are Kubernetes secrets to authenticate applications running inside pods to the API server. If a pod is compromised, an
attacker could use this token to gain access to other resources in the cluster.
For example, they could create new pods, modify existing ones, or even delete critical system pods, depending on the permissions associated with
the service account.
What is the potential impact?
Unauthorized Access
If a pod with a mounted service account gets compromised, an attacker could potentially use the token to interact with the Kubernetes API, possibly
leading to unauthorized access to other resources in the cluster.
Privilege Escalation
Service account tokens are often bound with roles that have extensive permissions. If these tokens are exposed, it could lead to privilege
escalation where an attacker gains higher-level permissions than intended.
Data Breach
Service account tokens can be used to access sensitive data stored in the Kubernetes cluster. If these tokens are compromised, it could lead to a
data breach.
Denial of Service
An attacker with access to a service account token could potentially overload the Kubernetes API server by sending a large number of requests,
leading to a Denial of Service (DoS) attack.
