TF 0123 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Seccomp policies disabled

| Property | Value |
|---|---|
| Language | terraform |
| Severity | medium |
| Vulnerability Type | omission |

Description

Containers are running without a Seccomp profile, allowing processes inside the container to bypass kernel syscall restrictions. This configuration weakens container isolation and security controls.

Impact

Attackers who gain access to the container can execute unrestricted system calls, increasing the risk of container escapes, privilege escalation, and compromise of the underlying host or other workloads.

Resolution

Specify a seccomp profile for the pod, either through the seccomp annotation or through the seccomp profile `type` field, using only the values allowed by the Pod Security Standards.
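The following is an added illustration, not configuration from this database or from any project it covers. It shows a `kubernetes_pod` resource as the check would flag it (no seccomp profile anywhere in the spec) next to the remediated form that sets the profile type at pod level; the pod names and the image tag are constructed for the example.

```hcl
# Flagged: no seccomp_profile at pod or container level, so every
# process in the container runs with an unrestricted syscall table.
resource "kubernetes_pod" "web_unconfined" {
  metadata {
    name = "web-unconfined"   # constructed name
  }
  spec {
    container {
      name  = "web"
      image = "nginx:1.25"     # constructed image tag
    }
  }
}

# Remediated: pod-level profile, inherited by every container in the pod.
resource "kubernetes_pod" "web_confined" {
  metadata {
    name = "web-confined"     # constructed name
  }
  spec {
    security_context {
      seccomp_profile {
        # Pod Security Standards (baseline and restricted) accept
        # "RuntimeDefault" or "Localhost"; "Unconfined" is rejected.
        type = "RuntimeDefault"
      }
    }
    container {
      name  = "web"
      image = "nginx:1.25"     # constructed image tag
      # A container may narrow the pod setting, e.g. to a custom
      # profile shipped on the node under /var/lib/kubelet/seccomp.
      security_context {
        seccomp_profile {
          type              = "Localhost"
          localhost_profile = "profiles/web.json"   # constructed path
        }
      }
    }
  }
}
```

The `seccomp_profile` block is the form to prefer: the older pod annotation `seccomp.security.alpha.kubernetes.io/pod` was deprecated in Kubernetes 1.19 and removed in 1.27, so clusters on current releases silently ignore it.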