You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I tired to replicate the Unnecessary use of LIST permission example attack but it does not work. I think the problem is that in the K8s version before 1.24, every time we would create a service account, a non-expiring secret token (Mountable secrets & Tokens) was created by default. However, from version 1.24 onwards, it was disbanded and no secret token is created by default when we create a service account.
I tired to replicate the Unnecessary use of LIST permission example attack but it does not work. I think the problem is that in the K8s version before 1.24, every time we would create a service account, a non-expiring secret token (Mountable secrets & Tokens) was created by default. However, from version 1.24 onwards, it was disbanded and no secret token is created by default when we create a service account.
When i tried to access to http://127.0.0.1:8001/api/v1/namespaces/default/secrets/abcd link i can see the "secretAuthToken": "dmVyeVNlY3VyZTEyMw=="
The text was updated successfully, but these errors were encountered: