TF 0066 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Can elevate its own privileges
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Containers are configured without explicitly disabling privilege escalation, allowing processes inside the container to gain elevated (root) privileges. This misconfiguration makes it possible for containerized applications to escape intended security restrictions.
Impact
If exploited, a malicious process inside the container could gain root access, potentially compromising the entire container and even the underlying node. This may lead to unauthorized access, data breaches, disruption of services, or lateral movement within the cluster.
Resolution
Set 'containers[].securityContext.allowPrivilegeEscalation' to 'false' for every container in the pod spec; when the field is left unset, privilege escalation remains allowed.
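The following audit script is an added example and not part of the Symbiotic database entry; it walks a parsed Kubernetes manifest and reports every container where allowPrivilegeEscalation is missing or not false. It goes slightly beyond the entry's 'containers[]' path by also checking initContainers and the pod template embedded in workload kinds (Deployment, StatefulSet, DaemonSet, Job, CronJob); the two manifests at the bottom are constructed samples.

```python
# Added example: audit a Kubernetes manifest (parsed into a dict) for containers
# that do not explicitly set securityContext.allowPrivilegeEscalation: false.
# The sample manifests below are constructed for illustration only.
from typing import Any, Dict, List, Tuple


def _pod_spec(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Return the pod spec of a Pod, or of a workload that embeds a pod template.
    CronJob nests its template one level deeper (spec.jobTemplate.spec.template)."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    if "template" in spec:
        spec = spec["template"].get("spec", {})
    return spec


def find_privilege_escalation_issues(manifest: Dict[str, Any]) -> List[Tuple[str, str]]:
    """Return (container_path, reason) for each container whose
    allowPrivilegeEscalation is not explicitly False. An unset field is reported
    too, because leaving it out does not disable privilege escalation."""
    issues: List[Tuple[str, str]] = []
    spec = _pod_spec(manifest)
    for field in ("initContainers", "containers"):
        for i, container in enumerate(spec.get(field, [])):
            path = f"{field}[{i}] ({container.get('name', '?')})"
            value = (container.get("securityContext") or {}).get("allowPrivilegeEscalation")
            if value is None:
                issues.append((path, "allowPrivilegeEscalation not set"))
            elif value is not False:
                issues.append((path, f"allowPrivilegeEscalation is {value!r}"))
    return issues


# Constructed samples: the weak Deployment and its corrected counterpart.
WEAK = {"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
    {"name": "web", "image": "nginx"},
    {"name": "sidecar", "image": "busybox",
     "securityContext": {"allowPrivilegeEscalation": True}},
]}}}}
FIXED = {"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
    {"name": "web", "image": "nginx",
     "securityContext": {"allowPrivilegeEscalation": False}},
    {"name": "sidecar", "image": "busybox",
     "securityContext": {"allowPrivilegeEscalation": False}},
]}}}}

if __name__ == "__main__":
    for label, manifest in (("weak", WEAK), ("fixed", FIXED)):
        print(label, find_privilege_escalation_issues(manifest))
```

To run it against real manifests, load each YAML document with a YAML parser (for example PyYAML's safe_load) and pass the resulting dict to find_privilege_escalation_issues.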