| Property | Value |
| --- | --- |
| Language | yaml |
| Severity | high |
| CWE | CWE-250: Execution with Unnecessary Privileges |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |

Description

The container is configured to allow running as the root user because its securityContext sets 'runAsNonRoot: false'. Applications inside the container can therefore hold unnecessary root privileges, which increases the risk of a security breach.
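The flagged setting beside a corrected one, as an added example that is not part of the original rule page. The pod names, image reference and UID are constructed placeholders.

```yaml
# Constructed manifests for illustration; names, image and UID are placeholders.

# Flagged: the container-level securityContext explicitly permits UID 0.
# Container-level settings override pod-level ones, so the pod-level
# "runAsNonRoot: true" below does not protect this container.
apiVersion: v1
kind: Pod
metadata:
  name: app-flagged
spec:
  securityContext:
    runAsNonRoot: true
  containers:
    - name: app
      image: registry.example.com/app:1.0
      securityContext:
        runAsNonRoot: false
---
# Corrected: runAsNonRoot is true at both levels, so no container in the pod
# can silently fall back to root. With runAsNonRoot: true the kubelet refuses
# to start a container whose image would run as UID 0. The numeric runAsUser
# makes the UID explicit, which is also needed when the image declares its
# user by name, because the kubelet cannot verify a non-numeric user.
apiVersion: v1
kind: Pod
metadata:
  name: app-fixed
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
  containers:
    - name: app
      image: registry.example.com/app:1.0
      securityContext:
        runAsNonRoot: true
```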

Impact

If exploited, an attacker who gains access to the container could use its root privileges to escalate the attack, potentially compromising the entire Kubernetes node, accessing sensitive data, or disrupting other services. This undermines container isolation and can lead to a full system breach.