WB-E-2 — Network-reachable admin port grants full tenant/user CRUD

Component: Wallet Backend.

Mitigations: Admin API token authentication + operator-enforced network exposure controls (ClusterIP/Ingress scope + NetworkPolicy).

Action: Document and validate Kubernetes policy baseline for port 8081 in deployment guides.

| Property | Value |
|---|---|
| Section | Elevation of Privilege |
| Owner | operator |

Mapped Controls

| Control | Title |
|---|---|
| SID-HARD-03 | Network Segmentation (Separate Server Ports) |

Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md
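
One way to validate the port 8081 baseline named in the Action above, as an added example that is not part of the project's own code. It takes already-parsed manifests as Python dicts; the labels, resource names and the `check_baseline` helper are hypothetical, and it checks only Service type and NetworkPolicy ingress rules (not Ingress resources, namespaces, named ports or `endPort` ranges).

```python
ADMIN_PORT = 8081  # admin port named in this entry
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def _selects(selector, labels):
    # An empty podSelector selects every pod in the namespace.
    want = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in want.items())

def _covers_admin(rule):
    # A rule without "ports" applies to all ports. Numeric ports only.
    ports = rule.get("ports")
    return not ports or any(p.get("port") == ADMIN_PORT for p in ports)

def _open_source(rule):
    # Missing or empty "from" allows every source; so does an any-address ipBlock.
    peers = rule.get("from") or []
    return not peers or any(p.get("ipBlock", {}).get("cidr") in OPEN_CIDRS for p in peers)

def check_baseline(manifests, pod_labels):
    """Return findings for the admin port; an empty list means the baseline holds."""
    findings, isolated = [], False
    for m in manifests:
        kind, name, spec = m["kind"], m["metadata"]["name"], m.get("spec", {})
        if kind == "Service":
            exposed = any(ADMIN_PORT in (p.get("port"), p.get("targetPort"))
                          for p in spec.get("ports", []))
            svc_type = spec.get("type", "ClusterIP")
            if exposed and svc_type != "ClusterIP":
                findings.append(f"Service/{name}: port {ADMIN_PORT} exposed via {svc_type}")
        elif kind == "NetworkPolicy" and _selects(spec.get("podSelector"), pod_labels):
            # policyTypes defaults to Ingress when omitted.
            if "Ingress" not in spec.get("policyTypes", ["Ingress"]):
                continue
            isolated = True
            for rule in spec.get("ingress", []):
                if _covers_admin(rule) and _open_source(rule):
                    findings.append(f"NetworkPolicy/{name}: port {ADMIN_PORT} open to any source")
    if not isolated:
        findings.append(f"no ingress NetworkPolicy selects the pods: port {ADMIN_PORT} unrestricted")
    return findings

# Constructed sample manifests (labels and names are hypothetical).
LABELS = {"app": "wallet-backend"}
SVC = lambda t: {"kind": "Service", "metadata": {"name": "wallet-admin"},
                 "spec": {"type": t, "ports": [{"port": 8081, "targetPort": 8081}]}}
POLICY = {"kind": "NetworkPolicy", "metadata": {"name": "admin-allow"},
          "spec": {"podSelector": {"matchLabels": LABELS}, "policyTypes": ["Ingress"],
                   "ingress": [{"from": [{"podSelector": {"matchLabels": {"role": "admin-tools"}}}],
                                "ports": [{"protocol": "TCP", "port": 8081}]}]}}
WEAK, HARDENED = [SVC("LoadBalancer")], [SVC("ClusterIP"), POLICY]
```

An empty result for `HARDENED` and two findings for `WEAK` reflect NetworkPolicy semantics: pods with no selecting policy accept all ingress, and allowed traffic is the union of every selecting policy's rules.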