Introduction In this post I’ll describe how to execute code on every Pod in many Kubernetes clusters when using a service account with nodes/proxy GET permissions. This issue was initially reported through the Kubernetes security disclosure process and closed as working as intended. Attribute Details Vulnerable Permission nodes/proxy GET Kubernetes Version Tested v1.34, v1.35 Required Network Access Kubelet API (Port 10250) Impact Code execution in any Pod on reachable Nodes Disclosure Status Wo...