Lateral movement

Controller creating containers with added capabilities

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

Linux capabilities divide the privileges traditionally associated with the superuser into distinct units that can be independently enabled and disabled. The Kubernetes controller {K8sController} was found configured with settings that create containers with more capabilities than the default set. A container's capabilities are defined in its SecurityContext, which limits potential attack vectors beyond the pod-level context and specifies which capabilities are added to or dropped from the container. An attacker may use these added capabilities to compromise the cluster.
  • Recommended Mitigation

    Consider removing the added capabilities from the containers of the {K8sController} controller, in accordance with the Principle of Least Privilege.
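    The check this finding describes, as an added example that is not part of the finding text or any product's own code: it walks a controller's pod template (modelled here as the dict a YAML loader would return, with a constructed Deployment named "example-controller" standing in for {K8sController}), flags every container or initContainer whose securityContext.capabilities.add is non-empty, and applies the recommended mitigation by deleting those add lists.

```python
import copy
from typing import Dict, List, Tuple

# Constructed controller manifest as a dict (what yaml.safe_load would return);
# "example-controller" is a placeholder for {K8sController}.
CONTROLLER: Dict = {
    "kind": "Deployment",
    "metadata": {"name": "example-controller"},
    "spec": {"template": {"spec": {
        "initContainers": [
            {"name": "init-net",
             "securityContext": {"capabilities": {"add": ["CAP_NET_ADMIN", "SYS_ADMIN"]}}},
        ],
        "containers": [
            {"name": "app",
             "securityContext": {"capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}},
            {"name": "sidecar"},  # no securityContext: runtime default set, nothing to flag
        ],
    }}},
}

def _normalize(cap: str) -> str:
    # Kubernetes accepts "NET_ADMIN" and "CAP_NET_ADMIN" alike; compare on one form.
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap

def added_capabilities(controller: Dict) -> List[Tuple[str, List[str]]]:
    """Return (container name, added capabilities) for every container or
    initContainer that lists anything under securityContext.capabilities.add."""
    pod_spec = controller["spec"]["template"]["spec"]
    findings: List[Tuple[str, List[str]]] = []
    for field in ("initContainers", "containers"):
        for c in pod_spec.get(field) or []:
            caps = (c.get("securityContext") or {}).get("capabilities") or {}
            added = sorted({_normalize(x) for x in caps.get("add") or []})
            if added:
                findings.append((c["name"], added))
    return findings

def remove_added_capabilities(controller: Dict) -> Dict:
    """Return a copy with every capabilities.add list deleted (the finding's
    recommended mitigation); existing drop lists are left untouched."""
    fixed = copy.deepcopy(controller)
    for field in ("initContainers", "containers"):
        for c in fixed["spec"]["template"]["spec"].get(field) or []:
            caps = (c.get("securityContext") or {}).get("capabilities")
            if caps:
                caps.pop("add", None)
    return fixed
```

    Note that the rule flags any addition, so the "app" container is reported even though it drops ALL first; after remove_added_capabilities the same check returns an empty list.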