Lack of Resource Restriction

Containers running without CPU and memory limits pose a significant risk to the shared resources within a cluster. In the absence of predefined limits, containers have the potential to overuse CPU and memory resources, creating an environment where resource exhaustion becomes a concern. In the event of a compromised container, an adversary could exploit this lack of constraints to execute a denial-of-service attack on other containers within the same cluster. By intentionally consuming excessive resources, the compromised container can impact the overall performance and availability of the entire cluster.

Remediation

Apply CPU and memory limit

Metadata

Severity: medium
Slug: lack-of-resource-restriction

CWEs

400: Uncontrolled Resource Consumption

OWASP

A05:2021: Security Misconfiguration

Available Labs

Open Kubernetes labs in SecDim Play for this vulnerability.

easy

Limits.k8s

Other Easy Kubernetes Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.