TF 0378 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Root file system is not read-only

| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
## Description
The root file system for one or more containers is not set to read-only, allowing applications and processes within the container to write to the local disk. This configuration increases the risk of unauthorized modifications to the container's environment.
## Impact
If exploited, an attacker who gains access to the container could write malicious files or executables to the file system, tamper with application binaries, or alter system behavior, potentially leading to persistent compromise and making it harder to detect or recover from intrusions.
## Resolution

Set `containers[].securityContext.readOnlyRootFilesystem` to `true`.
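The following is an added example, not part of the SymbioticSec database or any tool it describes. It shows how a reviewer could detect this omission in a workload manifest and what the corrected manifest looks like. Both manifests are constructed for illustration (the `web` Deployment and its `example/web:1.0` image are assumptions), written in JSON so the example runs with only the Python standard library; Kubernetes accepts JSON manifests just as it accepts YAML. The check is container-level on purpose: `readOnlyRootFilesystem` exists only in the container `securityContext`, not in the pod-level one, so each container (init containers included) has to be inspected. The corrected manifest also mounts an `emptyDir` at `/tmp`, which is the usual change needed so an application still has scratch space after its root file system becomes read-only.

```python
"""Detect containers whose root file system is not read-only.

Added example, not code from the SymbioticSec database. The manifests below
are constructed samples; names and image tags are placeholders.
"""
import json

# Constructed sample: a Deployment whose container omits readOnlyRootFilesystem.
WEAK_MANIFEST = """
{
  "apiVersion": "apps/v1",
  "kind": "Deployment",
  "metadata": {"name": "web"},
  "spec": {
    "template": {
      "spec": {
        "containers": [
          {"name": "web", "image": "example/web:1.0",
           "securityContext": {"runAsNonRoot": true}}
        ]
      }
    }
  }
}
"""

# Constructed sample: the same workload with the setting applied, plus an
# emptyDir mounted at /tmp so the application keeps a writable scratch path.
FIXED_MANIFEST = """
{
  "apiVersion": "apps/v1",
  "kind": "Deployment",
  "metadata": {"name": "web"},
  "spec": {
    "template": {
      "spec": {
        "containers": [
          {"name": "web", "image": "example/web:1.0",
           "securityContext": {"runAsNonRoot": true,
                               "readOnlyRootFilesystem": true},
           "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}]}
        ],
        "volumes": [{"name": "tmp", "emptyDir": {}}]
      }
    }
  }
}
"""


def pod_spec(manifest: dict) -> dict:
    """Return the PodSpec of a Pod, a CronJob, or any workload that carries a
    pod template (Deployment, StatefulSet, DaemonSet, Job)."""
    kind = manifest.get("kind")
    spec = manifest.get("spec", {})
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        job_spec = spec.get("jobTemplate", {}).get("spec", {})
        return job_spec.get("template", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})


def find_writable_rootfs(manifest: dict) -> list:
    """Return one 'Kind/name: field[container]' string per container (init or
    regular) whose securityContext.readOnlyRootFilesystem is not exactly true.
    An absent securityContext counts as a finding: the default is writable."""
    spec = pod_spec(manifest)
    kind = manifest.get("kind", "<unknown>")
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    findings = []
    for field in ("initContainers", "containers"):
        for container in spec.get(field, []):
            sec_ctx = container.get("securityContext") or {}
            if sec_ctx.get("readOnlyRootFilesystem") is not True:
                findings.append(f"{kind}/{name}: {field}[{container.get('name')}]")
    return findings


def check(manifest_text: str) -> list:
    """Parse a JSON manifest and return its findings (empty list when clean)."""
    return find_writable_rootfs(json.loads(manifest_text))


if __name__ == "__main__":
    for label, text in (("weak", WEAK_MANIFEST), ("fixed", FIXED_MANIFEST)):
        print(f"{label}: {check(text) or 'OK'}")
```

Running the script reports the `web` container of the weak manifest and nothing for the corrected one. In a real review the same function would be run over every workload kind in a namespace or repository, and any path the application legitimately writes to (cache, upload or PID directories) would get its own `emptyDir` or persistent volume mount rather than a writable root file system.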