Root Container in Kubernetes

Container in a kubernetes can run as root. This introduces specific security risks if an attacker gains access to the container. Containers should be run as a non-root user with the minimum required permissions (principle of least privilege).

Remediation

apiVersion: apps/v1
kind: Deployment
spec:
  template: #PodTemplateSpec
    spec: #PodSpec
      securityContext: #PodSecurityContext
        runAsNonRoot: true
      containers:
      - name: myContainer

Metadata

Severity: high
Slug: root-container-in-kubernetes

CWEs

269: Improper Privilege Management

OWASP

A04:2021: Insecure Design

Available Labs

Open Kubernetes labs in SecDim Play for this vulnerability.

trivial

Start Here.k8s

Other Trivial Kubernetes NoHint

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.