can-i gtfo?

Kubernetes RBAC Abuse Collection

View on GitHub

create mutatingwebhookconfigurations

Verb: create

Resource: mutatingwebhookconfigurations

Description: Create admission webhook configurations that mutate resource requests before they are persisted.

Abuses

Privilege Escalation

Create mutating webhooks to automatically escalate privileges of created resources

# Create webhook that adds privileged security context to all pods

# Create webhook that adds cluster-admin role to all service accounts
← Back to overview