C-0039 - Validate admission controller (mutating)
Framework
ClusterScan, MITRE, AllControls
Severity
Medium
Description of the the issue
Attackers may use mutating webhooks to intercept and modify all the resources in the cluster. This control lists all mutating webhook configurations that must be verified.
Related resources
MutatingWebhookConfiguration
What does this control test
Attackers may use mutating webhooks to intercept and modify all the resources in the cluster. This control lists all mutating webhook configurations that must be verified.
Remediation
Ensure all the webhooks are necessary. Use exception mechanism to prevent repititive notifications.
Example
No example
Updated 11 days ago