Configuring a Kubernetes role other than for cluster-admin service which allows to create pod/attach can give an attacker to view logs of pods in real time.
Make sure Kubernetes roles which allow to create pod/attach are allowed to cluster-admin service account. To make this change make sure to remove all the RoleBindings or ClusterRoleBindings that are overly permissive.