Incorrect Permission Assignment for Critical Resource
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-732: Incorrect Permission Assignment for Critical Resource |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The Kubernetes container definition is missing a securityContext with allowPrivilegeEscalation set to false. This means the container may allow processes to gain elevated privileges inside the pod, increasing security risk.
Impact#
If exploited, an attacker could escalate privileges within the container, potentially gaining access to sensitive data or control over the host or other containers. This could lead to data breaches, lateral movement, or compromise of the entire Kubernetes cluster.