Privilege Escalation in Kubernetes

Processes with in container can gain additional privileges is if allowPrivilegeEscalation is not set.

Remediation

apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: myContainer
        securityContext:
          allowPrivilegeEscalation: false

Metadata

Severity: high
Slug: privilege-escalation-in-kubernetes

CWEs

250: Execution with Unnecessary Privileges

OWASP

A04:2021: Insecure Design

Available Labs

Open Kubernetes labs in SecDim Play for this vulnerability.

trivial

Start Here.k8s

Other Trivial Kubernetes NoHint

easy

Daemonset.k8s

Other Easy Kubernetes

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.