A security researcher revealed a Kubernetes vulnerability that allows users with read-only permissions to execute arbitrary commands on pods. This exploit stems from the nodes/proxy GET resource, which many monitoring tools use, and poses significant risks to cluster security. Until the upcoming KEP-2862 is fully implemented, organizations need to audit their permissions and consider stricter access controls.

This article details a vulnerability in Kubernetes where service accounts with nodes/proxy GET permissions can execute commands in any Pod across reachable Nodes. This issue arises from how the Kubelet authorizes WebSocket connections, potentially leading to full cluster compromise without proper logging.