can-i gtfo?

Kubernetes RBAC Abuse Collection

View on GitHub

update mutatingwebhookconfigurations

Verb: update

Resource: mutatingwebhookconfigurations

Description: Update admission webhook configurations that mutate resource requests before they are persisted.

Abuses

Privilege Escalation

Update mutating webhooks to automatically escalate privileges of created resources

# Update webhook to add privileged security context to all pods

# Update webhook to add cluster-admin role to all service accounts
← Back to overview