Property
Language: terraform
Severity: critical
Vulnerability Type: omission

Description

Roles or cluster roles are configured with permissions to manage ‘mutatingwebhookconfigurations’ or ‘validatingwebhookconfigurations’, allowing creation, modification, or deletion of webhooks that can intercept or alter Kubernetes resources.

Impact

Attackers with these permissions could create, modify, or remove webhooks to intercept secrets, manipulate pod specifications, or block resource operations, potentially leading to privilege escalation, data theft, service disruption, or a complete compromise of the Kubernetes cluster.
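
The pattern described above, next to two narrower alternatives, as a Terraform example added here (it is not taken from the rule's own documentation). It assumes the hashicorp/kubernetes provider; all resource, role and webhook names are hypothetical.

```hcl
# Constructed example; every name below is hypothetical.

# Matches the description: write verbs on admission webhook configurations.
resource "kubernetes_cluster_role" "webhook_admin" {
  metadata {
    name = "webhook-admin"
  }

  rule {
    api_groups = ["admissionregistration.k8s.io"]
    resources  = ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
    verbs      = ["create", "update", "patch", "delete"]
  }
}

# Narrower alternative 1: the role only needs to inspect webhook
# configurations (assumption), so it gets read-only verbs.
resource "kubernetes_cluster_role" "webhook_viewer" {
  metadata {
    name = "webhook-viewer"
  }

  rule {
    api_groups = ["admissionregistration.k8s.io"]
    resources  = ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
    verbs      = ["get", "list", "watch"]
  }
}

# Narrower alternative 2: a controller that must update its own webhook
# object (assumption) is pinned to that single object by name.
# "create" is left out: RBAC cannot restrict create by resource name.
resource "kubernetes_cluster_role" "own_webhook_updater" {
  metadata {
    name = "own-webhook-updater"
  }

  rule {
    api_groups     = ["admissionregistration.k8s.io"]
    resources      = ["validatingwebhookconfigurations"]
    resource_names = ["example-controller-webhook"]
    verbs          = ["get", "update", "patch"]
  }
}
```

A rule with `resources = ["*"]` and `verbs = ["*"]` in the `admissionregistration.k8s.io` API group grants the same write access as the first role, so wildcard rules need the same review.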