Attackers who gain access to a container in the cluster may use the mounted service account token for sending requests to the API server, and gaining access to additional resources in the cluster. (See “Access container service account” for more details.)
For an example, please refer to “Access container service account”.