# Runs with GID <= 10000

| Property | Value |
|---|---|
| Language | |
| Severity | |

## Description
Containers are configured to run with a group ID (GID) of 10000 or lower, or without explicitly setting `securityContext.runAsGroup`. This increases the risk of GID conflicts with host system groups, potentially exposing sensitive host resources.

## Impact
If a container runs with a low GID or no set GID, it may unintentionally share group privileges with host users or services, increasing the risk of privilege escalation or unauthorized access to host files and processes. This can compromise container isolation and weaken overall system security.
## Resolution

Set `containers[].securityContext.runAsGroup` to an integer greater than 10000.
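The following is an added example of a checker for this rule, not code from the page or from any scanner the page belongs to. It walks the `containers[]` and `initContainers[]` of a Pod or of a workload's pod template and flags any container whose effective `runAsGroup` is unset or at most 10000. It also applies Kubernetes' inheritance rule (a pod-level `spec.securityContext.runAsGroup` applies to every container unless the container overrides it), which the rule text does not spell out; the manifests and the remediation GID of 10001 are constructed for the example.

```python
"""Check Kubernetes manifests for containers whose effective runAsGroup is unset or <= 10000."""
import copy
from typing import Any, Dict, List, Optional

GID_THRESHOLD = 10000  # the rule's boundary: GIDs at or below this value are flagged


def pod_spec(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Return the PodSpec of a Pod, or of a workload that wraps a pod template
    (Deployment, StatefulSet, DaemonSet, Job all keep it under spec.template.spec)."""
    if manifest.get("kind") == "Pod":
        return manifest.get("spec", {})
    return manifest.get("spec", {}).get("template", {}).get("spec", {})


def effective_run_as_group(spec: Dict[str, Any], container: Dict[str, Any]) -> Optional[int]:
    """Container-level runAsGroup overrides the pod-level one; None if neither is set."""
    container_gid = (container.get("securityContext") or {}).get("runAsGroup")
    if container_gid is not None:
        return container_gid
    return (spec.get("securityContext") or {}).get("runAsGroup")


def find_low_gid_containers(manifest: Dict[str, Any]) -> List[str]:
    """Return one 'name: reason' finding per container that violates the rule."""
    spec = pod_spec(manifest)
    findings: List[str] = []
    for field in ("initContainers", "containers"):
        for container in spec.get(field, []):
            name = container.get("name", "<unnamed>")
            gid = effective_run_as_group(spec, container)
            if gid is None:
                findings.append(f"{name}: runAsGroup not set")
            elif gid <= GID_THRESHOLD:
                findings.append(f"{name}: runAsGroup {gid} <= {GID_THRESHOLD}")
    return findings


def remediate(manifest: Dict[str, Any], gid: int = 10001) -> Dict[str, Any]:
    """Return a copy of the manifest with a compliant runAsGroup set on every
    non-compliant container (the input is not mutated). gid=10001 is a constructed default."""
    fixed = copy.deepcopy(manifest)
    spec = pod_spec(fixed)
    for field in ("initContainers", "containers"):
        for container in spec.get(field, []):
            current = effective_run_as_group(spec, container)
            if current is None or current <= GID_THRESHOLD:
                if container.get("securityContext") is None:
                    container["securityContext"] = {}
                container["securityContext"]["runAsGroup"] = gid
    return fixed


# Constructed sample: one init container at the boundary, one container with no
# securityContext at all, and one with a low GID that would collide with host groups.
WEAK_DEPLOYMENT: Dict[str, Any] = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "example-web"},
    "spec": {
        "template": {
            "spec": {
                "initContainers": [
                    {"name": "init-db", "image": "example/init:1",
                     "securityContext": {"runAsGroup": 10000}},
                ],
                "containers": [
                    {"name": "web", "image": "example/web:1"},
                    {"name": "sidecar", "image": "example/sidecar:1",
                     "securityContext": {"runAsGroup": 1000}},
                ],
            }
        }
    },
}

# Constructed sample: the pod-level setting is inherited, so this Pod is compliant
# even though the container itself declares no securityContext.
POD_INHERITED: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "example-pod"},
    "spec": {
        "securityContext": {"runAsGroup": 20000},
        "containers": [{"name": "app", "image": "example/app:1"}],
    },
}

if __name__ == "__main__":
    for name, manifest in (("weak", WEAK_DEPLOYMENT), ("inherited", POD_INHERITED)):
        print(name, find_low_gid_containers(manifest) or "compliant")
    print("remediated", find_low_gid_containers(remediate(WEAK_DEPLOYMENT)) or "compliant")
```

Running the module prints three findings for the weak Deployment (the boundary value 10000 is included, since the rule is `<= 10000`), reports the Pod with an inherited GID as compliant, and shows that the remediated copy passes. Because `remediate` only sets container-level values, it is the direct equivalent of the resolution step above; setting `spec.securityContext.runAsGroup` once at the pod level is the alternative when every container should share the same GID.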