Manage IngressClasses (Cluster-wide Traffic Control Tampering)

Overview

Field	Value
ID	1092
Name	Manage IngressClasses (Cluster-wide Traffic Control Tampering)
Risk Category	NetworkManipulation
Risk Level	Critical
Role Type	ClusterRole
API Groups	networking.k8s.io
Resources	ingressclasses
Verbs	create, update, patch, delete
Tags	ClusterAdminAccess DenialOfService NetworkManipulation ServiceExposure Tampering

Description

Allows creating, updating, or deleting IngressClasses cluster-wide. IngressClasses define types of ingress controllers. Modifying them can affect how all ingresses in the cluster behave, potentially redirecting traffic globally, disabling ingress controllers, or leading to widespread service exposure or denial of service.