2 Service Accounts
2 Workloads
3 Bindings
3 Low
Description
Prometheus Operator Admission Webhook
- https://github.com/prometheus-operator/prometheus-operator
- https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-operator-admission-webhook
Overview
Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
---|---|---|---|---|---|---|
prometheus-operator-admission-webhook-aux | default | ❌ | — | 3 | 2 | Low |
prometheus-operator-admission-webhook | default | ❌ | — | 0 | 1 | — |
Numbers in the Permissions and Workloads columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 prometheus-operator-admission-webhook-aux
Namespace: default | Automount: ❌
🔑 Permissions (3)
Role | Resource | Verbs | Risk | Tags |
---|---|---|---|---|
ClusterRole prometheus-operator-admission-webhook-aux | admissionregistration.k8s.io/mutatingwebhookconfigurations | get · update | Low | |
Role prometheus-operator-admission-webhook-aux | core/secrets | create · get | Low | |
ClusterRole prometheus-operator-admission-webhook-aux | admissionregistration.k8s.io/validatingwebhookconfigurations | get · update | Low | |
⚠️ Potential Abuse (1)
The following security risks were found based on the above permissions:
📦 Workloads (2)
Kind | Name | Container | Image |
---|---|---|---|
Job | prometheus-operator-admission-webhook-create | create | registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0 |
Job | prometheus-operator-admission-webhook-patch | patch | registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.0 |
🤖 prometheus-operator-admission-webhook
Namespace: default | Automount: ❌
🔑 Permissions (0)
No explicit RBAC bindings.
📦 Workloads (1)
Kind | Name | Container | Image |
---|---|---|---|
Deployment | prometheus-operator-admission-webhook | prometheus-operator-admission-webhook | quay.io/prometheus-operator/admission-webhook:v0.83.0 |