Kubernetes Secrets API Exposure Probe for 2026-03-04
Mar 04, 2026
WebExploit
Last Updated: 12:10 UTC
Direct requests to /api/v1/namespaces/{ns}/secrets attempt to read all Kubernetes secrets in the namespace from a misconfigured or unauthenticated kube-apiserver. A successful response exposes service account tokens, TLS keys, and application credentials.
MITRE ATT&CK
Tactic: Credential Access (TA0006)
Technique: T1552.007 — Container API
Observed URIs
/api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs/k8s/api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs/api/v1/namespaces/default/secrets
Attackers by Country
IP Address : ASN : City/Provider
- 198.167.197.194 : AS39287 ab stract : Sweden