TF 0025 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Containers must not set runAsUser to 0

| Property | Value |
|----------|-------|
| Language | terraform |
| Severity | low |

Description

The configuration allows containers to run as the root user (UID 0) by explicitly setting 'securityContext.runAsUser' to 0. Running containers as root increases the risk of privilege escalation within the container environment.

Impact

An attacker who compromises a container running as root gains root-level access inside it, potentially allowing them to break out of the container, alter system files, or escalate privileges, increasing the risk of system-wide compromise.

Resolution

Set 'securityContext.runAsUser' to a non-zero integer, or leave it undefined.
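An added example of the flagged resource beside a compliant one; it is not taken from the Symbiotic database and assumes the hashicorp/kubernetes Terraform provider, with placeholder resource names, image tag and UID:

```terraform
# Added example (not the database's own code). Assumes the hashicorp/kubernetes
# provider; resource names, the image and UID 1000 are placeholders.

# Flagged by TF 0025: the container is explicitly started as UID 0 (root).
resource "kubernetes_pod" "web_root" {
  metadata {
    name = "web-root"
  }
  spec {
    container {
      name  = "web"
      image = "example.com/web:1.0" # placeholder image
      security_context {
        run_as_user = 0
      }
    }
  }
}

# Compliant: run_as_user is a non-zero UID (1000 is an assumption; use the UID
# the image expects). run_as_non_root = true additionally makes the kubelet
# refuse to start the container if the image's USER still resolves to root,
# which covers the case where run_as_user is simply left undefined.
resource "kubernetes_pod" "web_nonroot" {
  metadata {
    name = "web-nonroot"
  }
  spec {
    container {
      name  = "web"
      image = "example.com/web:1.0" # placeholder image
      security_context {
        run_as_user                = 1000
        run_as_group               = 1000
        run_as_non_root            = true
        allow_privilege_escalation = false
      }
    }
  }
}
```

Leaving run_as_user undefined defers the UID to the image's USER directive, so pairing it with run_as_non_root = true is what turns "not explicitly root" into "verified non-root" at pod start.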