Property
Language: terraform
Severity: medium
Vulnerability Type: omission

Description

Containers are configured without explicitly disabling privilege escalation. When `allowPrivilegeEscalation` is omitted, Kubernetes defaults it to true, so a process inside the container can gain more privileges than its parent (for example through setuid binaries or file capabilities), up to and including root. This omission makes it possible for containerized applications to escape the security restrictions intended for them.

Impact

If exploited, a malicious process inside the container could gain root access, potentially compromising the entire container and even the underlying node. This may lead to unauthorized access, data breaches, disruption of services, or lateral movement within the cluster.

Resolution

Set `containers[].securityContext.allowPrivilegeEscalation` to `false` for every container.
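The following is an added example, not code from the original rule page: a Kubernetes Deployment declared with the Terraform kubernetes provider, first with the `security_context` block omitted (the misconfiguration this rule flags) and then with `allow_privilege_escalation` set explicitly to `false`. The resource names, namespace, labels and image are assumptions chosen for illustration.

```terraform
terraform {
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}

# Non-compliant (assumed example): no security_context block, so the
# container keeps the Kubernetes default allowPrivilegeEscalation=true.
resource "kubernetes_deployment" "web_noncompliant" {
  metadata {
    name      = "web-noncompliant" # assumed name
    namespace = "example"          # assumed namespace
  }

  spec {
    replicas = 1

    selector {
      match_labels = { app = "web-noncompliant" }
    }

    template {
      metadata {
        labels = { app = "web-noncompliant" }
      }

      spec {
        container {
          name  = "web"
          image = "example.invalid/web:1.0" # placeholder image
        }
      }
    }
  }
}

# Compliant (assumed example): allow_privilege_escalation is set to false on
# the container, so processes cannot gain more privileges than their parent.
resource "kubernetes_deployment" "web_compliant" {
  metadata {
    name      = "web-compliant" # assumed name
    namespace = "example"       # assumed namespace
  }

  spec {
    replicas = 1

    selector {
      match_labels = { app = "web-compliant" }
    }

    template {
      metadata {
        labels = { app = "web-compliant" }
      }

      spec {
        container {
          name  = "web"
          image = "example.invalid/web:1.0" # placeholder image

          # This block is the fix: every container in the pod spec needs it.
          security_context {
            allow_privilege_escalation = false
          }
        }
      }
    }
  }
}
```

After applying, the setting can be confirmed on the running pods with `kubectl get pods -n example -o jsonpath='{range .items[*]}{.metadata.name}{": "}{.spec.containers[*].securityContext.allowPrivilegeEscalation}{"\n"}{end}'`; any pod that prints an empty value for a container still has the field omitted and falls under this rule.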