SYM_CONF_0007 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Incorrect Permission Assignment for Critical Resource

| Property | Value |
| --- | --- |
| Language | yaml |
| Severity | medium |
| CWE | CWE-732: Incorrect Permission Assignment for Critical Resource |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |

Description

The container's security settings do not explicitly disable privilege escalation, which means processes inside the container could gain more permissions than intended. This makes it easier for malicious code to exploit vulnerabilities and run with elevated rights.
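
The manifest below is an added example, not taken from the Symbiotic rule itself. It assumes the rule targets the Kubernetes container-level `securityContext.allowPrivilegeEscalation` field, and shows a container that leaves it unset next to one that disables it. All names and the image reference are placeholders.

```yaml
# Constructed manifest for illustration; names and image are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: example-app
spec:
  containers:
    # Flagged: no securityContext, so allowPrivilegeEscalation is unset.
    # The runtime does not set no_new_privs on the container process, and
    # setuid/setgid binaries or file capabilities in the image can raise
    # the privileges of a child process above those of its parent.
    - name: web-unset
      image: registry.example.com/web:1.0

    # Corrected: privilege escalation is explicitly disabled.
    - name: web-hardened
      image: registry.example.com/web:1.0
      securityContext:
        # Sets no_new_privs on the container process.
        allowPrivilegeEscalation: false
        # Kubernetes always treats allowPrivilegeEscalation as true when the
        # container is privileged or holds CAP_SYS_ADMIN, so keep both off
        # for the setting above to take effect.
        privileged: false
        capabilities:
          drop: ["ALL"]
```

The field belongs to the container-level `securityContext` only; the pod-level `securityContext` has no equivalent, so every container and init container in the pod spec needs its own setting.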

Impact

If exploited, an attacker could escalate privileges inside the container, potentially gaining unauthorized access to sensitive data or taking control of the host system. This increases the risk of data breaches, service disruption, or further compromise of the Kubernetes environment.