Skip to content

Commit 5092c5e

Browse files
carlospolopcarlospolop
committed
f
1 parent db7bdf0 commit 5092c5e

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/pentesting-cloud/kubernetes-security/kubernetes-pivoting-to-clouds.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -323,7 +323,7 @@ fi
323323

324324
### Privesc to cluster-admin
325325

326-
Iin summary: if it's possible to **access the EKS Node IAM role** from a pod, it's possible to **compromise the full kubernetes cluster**.
326+
In summary: if it's possible to **access the EKS Node IAM role** from a pod, it's possible to **compromise the full kubernetes cluster**.
327327

328328
For more info check [this post](https://blog.calif.io/p/privilege-escalation-in-eks). As summary, the default IAM EKS role that is assigned to the EKS nodes by default is assigned the role `system:node` inside the cluster. This role is very interesting although is limited by the kubernetes [**Node Restrictions**](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction).
329329

0 commit comments

Comments
 (0)