> nodes/proxy GET allows command execution when using a connection protocol such as WebSockets. This is due to the Kubelet making authorization decisions based on the initial WebSocket handshake’s request without verifying CREATE permissions are present for the Kubelet’s /exec endpoint requiring different permissions depending solely on the connection protocol.

That's rough

It is a know problem. The strange part for me is that they fixed it in v1.35 with the FeatureGate AuthorizePodWebsocketUpgradeCreatePermission for pods but not for nodes which have a far greater attact vector. The author also references this:

> The same behavior was fixed elsewhere

It is a problem, but in order to exploit it you need a valid token and have public kubelet endpoints or need to compromise an service within the cluster that has the required RBAC permissions. So cluster admins can cat and check their RBAC

This is what freaks me out about clawdbot/molbot (whatever it’s called now)