can-i gtfo?

Kubernetes RBAC Abuse Collection

View on GitHub

patch mutatingwebhookconfigurations

Verb: patch

Resource: mutatingwebhookconfigurations

Description: Patch admission webhook configurations that mutate resource requests before they are persisted.

Abuses

Privilege Escalation

Patch mutating webhooks to automatically escalate privileges of created resources

# Patch webhook to add privileged security context to all pods

# Patch webhook to add cluster-admin role to all service accounts
← Back to overview