services / Google Cloud / Namespaces

Namespaces isolate resources within a Kubernetes cluster. This is a logical isolation, that allows you to group and segregate resources like Pods, Services, Deployments. Kubernetes role-based access control (RBAC) defines Roles and ClusterRoles. The former is scoped to a specific namespaces, meaning Roles only grant permissions within the scope of one namespace.

container.​namespaces.​getStatus

Allows see the same namespace metadata as `namespaces.get`.

Risks

1. Infrastructure discovery (LOW)

Scope: LOW

This privilege allows access to data that are not meant to be public, but are otherwise not sensitive.

Links