It is not an universal RCE (it works from a pod with the correct permissions).
Kubernetes internal auth bypass via nodes/proxy GET permission
Submitted 9 hours ago by sk4nz@lemmy.sdf.org to cybersecurity@infosec.pub
https://grahamhelton.com/blog/nodes-proxy-rce