Manage IngressClasses (Cluster-wide Traffic Control Tampering)
NetworkManipulation
Critical
Overview
Field | Value |
---|---|
ID | 1092 |
Name | Manage IngressClasses (Cluster-wide Traffic Control Tampering) |
Risk Category | NetworkManipulation |
Risk Level | Critical |
Role Type | ClusterRole |
API Groups | networking.k8s.io |
Resources | ingressclasses |
Verbs | create, update, patch, delete |
Tags | ClusterAdminAccess DenialOfService NetworkManipulation ServiceExposure Tampering |
Description
Allows creating, updating, or deleting IngressClasses cluster-wide. An IngressClass is a cluster-scoped object that names the ingress controller responsible for the Ingress resources that reference it (and, when marked as default, for Ingresses that reference none). Because every Ingress in the cluster resolves its controller through these objects, modifying them can change how all ingresses behave: traffic can be redirected globally, ingress controllers can be effectively disabled, and the result can be widespread service exposure or denial of service.
Abuse Scenarios
- Create a new IngressClass pointing to a non-existent or malicious controller.

  ```shell
  kubectl create -f - <<EOF
  apiVersion: networking.k8s.io/v1
  kind: IngressClass
  metadata:
    name: malicious-ingress-class
  spec:
    controller: attacker.com/ingress-controller
  EOF
  # Example: kubectl create -f - <<EOF ... EOF
  ```
- Delete an existing IngressClass, potentially disrupting all ingresses using it.

  ```shell
  kubectl delete ingressclass <ingressclass-name>
  # Example: kubectl delete ingressclass nginx
  ```
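To find which ClusterRoles actually carry this permission (including ones that grant it only through `*` wildcards), here is a small added audit check; it is not part of this catalog entry, and the ClusterRole objects it runs on are constructed samples in the shape `kubectl get clusterroles -o json` returns under `.items`.

```python
"""Flag ClusterRoles that grant mutating verbs on ingressclasses (risk 1092)."""

RISKY_VERBS = {"create", "update", "patch", "delete"}
API_GROUP = "networking.k8s.io"
RESOURCE = "ingressclasses"


def _matches(values, wanted):
    """Kubernetes RBAC semantics: '*' in a rule's list matches any value."""
    return "*" in values or wanted in values


def risky_verbs_in_rule(rule):
    """Return the risky verbs a single RBAC rule grants on ingressclasses."""
    if not _matches(rule.get("apiGroups", []), API_GROUP):
        return set()
    if not _matches(rule.get("resources", []), RESOURCE):
        return set()
    verbs = set(rule.get("verbs", []))
    # A wildcard verb list grants every risky verb at once.
    return set(RISKY_VERBS) if "*" in verbs else verbs & RISKY_VERBS


def audit_cluster_roles(cluster_roles):
    """Map each ClusterRole name to the sorted risky verbs it grants."""
    findings = {}
    for role in cluster_roles:
        verbs = set()
        for rule in role.get("rules", []):
            verbs |= risky_verbs_in_rule(rule)
        if verbs:
            findings[role["metadata"]["name"]] = sorted(verbs)
    return findings


# Constructed sample ClusterRoles, not taken from any real cluster.
SAMPLE_CLUSTER_ROLES = [
    {"metadata": {"name": "ingress-reader"},
     "rules": [{"apiGroups": [API_GROUP], "resources": [RESOURCE],
                "verbs": ["get", "list", "watch"]}]},
    {"metadata": {"name": "ingress-admin"},
     "rules": [{"apiGroups": [API_GROUP], "resources": ["ingresses", RESOURCE],
                "verbs": ["create", "delete"]}]},
    {"metadata": {"name": "wildcard-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]

if __name__ == "__main__":
    for name, verbs in audit_cluster_roles(SAMPLE_CLUSTER_ROLES).items():
        print(f"{name}: {', '.join(verbs)}")
```

Roles the check reports still need a ClusterRoleBinding to be exploitable, so pair the output with a review of which subjects are bound to them.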