Execution with Unnecessary Privileges
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-250: Execution with Unnecessary Privileges |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The container is not explicitly configured to run as a non-root user in its Kubernetes securityContext. This means the container may run as root by default, increasing the risk of privilege escalation.
Impact#
If an attacker exploits a vulnerability in the container, they could gain root access, allowing them to compromise the container, access sensitive data, or disrupt other services. Running as root increases the potential impact of any container breach.