Lateral movement

Controller creating containers with added capabilities

Risk Level

Informational (4)

Compliance Frameworks

  • N/A

Linux capabilities divide the privileges traditionally associated with the superuser into distinct units that can be enabled and disabled independently. The Kubernetes controller {K8sController} is configured with a pod template that creates containers with more capabilities than the container runtime's default set. A container's capabilities are defined in its SecurityContext (securityContext.capabilities.add and securityContext.capabilities.drop), which refines the pod-level context and limits the attack surface available to a process inside the container; capabilities listed under add extend that surface beyond the default. An attacker who compromises such a container can use the added capabilities (for example CAP_SYS_ADMIN, CAP_NET_ADMIN or CAP_SYS_PTRACE) to reach the node or other workloads and move laterally within the cluster.
  • Recommended Mitigation

    Remove the capabilities added to the containers of the {K8sController} controller, in accordance with the Principle of Least Privilege. Drop all capabilities (drop: ["ALL"]) and add back only those the workload demonstrably needs; note that the same check applies to initContainers, which share the pod template.
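The following is an added example, not code from the original page or from the product that generated this finding. It audits a controller's pod template for containers that add Linux capabilities beyond the runtime default set, and runs the check over a constructed Deployment in the weak configuration and the same Deployment after the mitigation. The manifests are embedded as Python dicts (the JSON form of the YAML) so it runs offline; the controller and image names are made up, and the default capability set is assumed to be the Docker/containerd (runc) default.

```python
"""Added example: flag containers in a Kubernetes controller's pod template
that add Linux capabilities on top of the runtime default set.
Standard library only; manifests are embedded as dicts (JSON form of YAML)."""

# Capabilities runc grants an unprivileged container by default.
# Assumption: the cluster's container runtime uses this Docker/containerd set.
DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP",
    "SETUID", "SYS_CHROOT",
})

# Added capabilities that most directly enable container escape or lateral
# movement. Illustrative subset chosen for this example, not exhaustive.
HIGH_RISK_CAPS = frozenset({
    "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "DAC_READ_SEARCH",
    "SYS_RAWIO", "BPF", "SYS_BOOT",
})


def _norm(cap: str) -> str:
    """Kubernetes accepts both 'CAP_SYS_ADMIN' and 'SYS_ADMIN'; compare one form."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def pod_spec(controller: dict) -> dict:
    """Pod spec of a Deployment/StatefulSet/DaemonSet/ReplicaSet/Job.
    A CronJob nests its pod template one level deeper under jobTemplate."""
    spec = controller["spec"]
    if controller.get("kind") == "CronJob":
        spec = spec["jobTemplate"]["spec"]
    return spec["template"]["spec"]


def capabilities_beyond_default(container: dict) -> list:
    """Capabilities the container adds that are not in DEFAULT_CAPS, sorted.
    'ALL' grants every capability and is reported as ['ALL']."""
    sc = container.get("securityContext") or {}
    added = {_norm(c) for c in (sc.get("capabilities") or {}).get("add") or []}
    if "ALL" in added:
        return ["ALL"]
    return sorted(added - DEFAULT_CAPS)


def audit_controller(controller: dict) -> list:
    """One finding per container (init or regular) that adds capabilities
    beyond the default set; each finding names the high-risk ones."""
    meta = controller["metadata"]
    ref = f'{controller["kind"]}/{meta["namespace"]}/{meta["name"]}'
    findings = []
    spec = pod_spec(controller)
    for field in ("initContainers", "containers"):
        for c in spec.get(field) or []:
            extra = capabilities_beyond_default(c)
            if not extra:
                continue
            high = (sorted(HIGH_RISK_CAPS) if extra == ["ALL"]
                    else sorted(set(extra) & HIGH_RISK_CAPS))
            findings.append({"controller": ref, "container": c["name"],
                             "added": extra, "high_risk": high})
    return findings


# Constructed sample: the weak configuration this finding describes.
VULNERABLE_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "api", "namespace": "prod"},
    "spec": {"template": {"spec": {
        "initContainers": [
            {"name": "sysctl-tune", "image": "busybox",
             "securityContext": {"capabilities": {"add": ["CAP_SYS_ADMIN"]}}}],
        "containers": [
            {"name": "api", "image": "example/api:1.0",
             "securityContext": {"capabilities":
                                 {"add": ["NET_ADMIN", "SYS_PTRACE", "CHOWN"]}}},
            {"name": "sidecar", "image": "example/log:1.0"},
        ]}}}}

# Constructed sample: the same workload after the mitigation. Everything is
# dropped and only NET_BIND_SERVICE (already in the default set) is added back.
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "api", "namespace": "prod"},
    "spec": {"template": {"spec": {
        "initContainers": [
            {"name": "sysctl-tune", "image": "busybox",
             "securityContext": {"capabilities": {"drop": ["ALL"]}}}],
        "containers": [
            {"name": "api", "image": "example/api:1.0",
             "securityContext": {"capabilities":
                                 {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}},
            {"name": "sidecar", "image": "example/log:1.0",
             "securityContext": {"capabilities": {"drop": ["ALL"]}}},
        ]}}}}


if __name__ == "__main__":
    for name, manifest in (("vulnerable", VULNERABLE_DEPLOYMENT),
                           ("hardened", HARDENED_DEPLOYMENT)):
        print(name, audit_controller(manifest))
```

Against the vulnerable manifest the audit reports the init container (SYS_ADMIN) and the api container (NET_ADMIN, SYS_PTRACE); CHOWN is not reported because it is already in the default set. The hardened manifest produces no findings. To run this against a live cluster, feed it the JSON from `kubectl get deploy <name> -o json` (or the equivalent for other controller kinds) instead of the embedded dicts.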