Attackers who have permissions to run a bash/cmd script inside a container can use it to execute malicious code.
Create a pod that includes bash/cmd like with e.g. the nginx
container image.
apiVersion: v1
kind: Pod
metadata:
name: my-pod
spec:
containers:
- image: nginx
name: my-pod
Now execute bash
in the container as follows.
$ kubectl exec -it my-pod -- bash
root@my-pod:/#