Information
Users with rights to create/modify/delete validatingwebhookconfigurations or mutatingwebhookconfigurations can control webhooks that can read any object admitted to the cluster, and in the case of mutating webhooks, also mutate admitted objects. This could allow for privilege escalation or disruption of the operation of the cluster.
The ability to manage webhook configuration should be limited.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Where possible, remove access to the validatingwebhookconfigurations or mutatingwebhookconfigurations objects.
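To support the manual review, the following added example (not part of the benchmark or of Nessus) lists which ClusterRoles allow create/modify/delete on the two webhook configuration resources and which subjects are bound to them. It assumes the input is the parsed output of `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json`; the role and subject names in the sample data are constructed.

```python
GROUP = "admissionregistration.k8s.io"
KINDS = {"validatingwebhookconfigurations", "mutatingwebhookconfigurations"}
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}

def grants_webhook_write(rule):
    """True if one RBAC rule allows changing either webhook configuration kind."""
    groups = set(rule.get("apiGroups") or [])
    resources = set(rule.get("resources") or [])
    verbs = set(rule.get("verbs") or [])
    # "*" in any field is a wildcard and must be treated as a match.
    return bool(groups & {GROUP, "*"}
                and resources & (KINDS | {"*"})
                and verbs & (WRITE_VERBS | {"*"}))

def webhook_managers(cluster_roles, cluster_role_bindings):
    """Map each ClusterRole that can manage webhooks to its bound subjects."""
    found = {r["metadata"]["name"]: [] for r in cluster_roles["items"]
             if any(grants_webhook_write(x) for x in r.get("rules") or [])}
    # Webhook configurations are cluster-scoped, so only ClusterRoleBindings
    # (not namespaced RoleBindings) can grant access to them.
    for binding in cluster_role_bindings["items"]:
        ref = binding["roleRef"]
        if ref["kind"] == "ClusterRole" and ref["name"] in found:
            found[ref["name"]] += [f'{s["kind"]}/{s["name"]}'
                                   for s in binding.get("subjects") or []]
    return found

def _role(name, groups, resources, verbs):
    return {"metadata": {"name": name},
            "rules": [{"apiGroups": groups, "resources": resources, "verbs": verbs}]}

def _binding(role, kind, subject):
    return {"roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": kind, "name": subject}]}

# Constructed sample data standing in for the kubectl JSON output.
SAMPLE_ROLES = {"items": [
    _role("cluster-admin", ["*"], ["*"], ["*"]),
    _role("webhook-editor", [GROUP], ["mutatingwebhookconfigurations"], ["patch"]),
    _role("webhook-viewer", [GROUP], sorted(KINDS), ["get", "list", "watch"]),
    _role("pod-editor", [""], ["pods"], ["update", "delete"]),
]}
SAMPLE_BINDINGS = {"items": [
    _binding("cluster-admin", "Group", "system:masters"),
    _binding("webhook-editor", "ServiceAccount", "ci-deployer"),
    _binding("webhook-viewer", "User", "auditor"),
]}

if __name__ == "__main__":
    for role, subjects in webhook_managers(SAMPLE_ROLES, SAMPLE_BINDINGS).items():
        print(role, "->", ", ".join(subjects) or "(no cluster-wide bindings)")
```

A role reported with no subjects is still worth reviewing, since any later binding to it would grant webhook management.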