Lateral movement

Controller creating containers with AllowPrivilegeEscalation turned on

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process, and it defaults to True. The controller {K8sController} was found configured with settings that allow the creation of containers that have the AllowPrivilegeEscalation flag set to True. The container's SecurityContext attributes are what limit the potential attack vector beyond the container-level context. An adversary can use this misconfiguration to escalate privileges inside the container as a step toward compromising the cluster.
Recommended Mitigation

Consider disabling the following attribute in the container: AllowPrivilegeEscalation
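The check described above, as an added example (not part of the original page and not any vendor's own detection logic): a Python script that computes the effective AllowPrivilegeEscalation value for every container in a controller's pod template, treating an absent field as the default (true) and accounting for Kubernetes forcing the flag to true for privileged containers and containers that add CAP_SYS_ADMIN, then applies the recommended mitigation. The Deployment manifest and the `harden` helper are constructed for this example.

```python
"""Find containers in a Kubernetes controller manifest (Deployment, DaemonSet,
StatefulSet, Job, ...) whose effective allowPrivilegeEscalation is true.
Added example, not part of the original page; SAMPLE_DEPLOYMENT is constructed."""
import copy
from typing import Any


def effective_allow_privilege_escalation(container: dict[str, Any]) -> bool:
    """Return the value the kubelet actually enforces for this container."""
    sc = container.get("securityContext") or {}
    # Kubernetes forces the flag to true for privileged containers and for
    # containers that add CAP_SYS_ADMIN, whatever the spec says explicitly.
    if sc.get("privileged") is True:
        return True
    added = (sc.get("capabilities") or {}).get("add") or []
    if any(c.upper() in ("SYS_ADMIN", "CAP_SYS_ADMIN") for c in added):
        return True
    # An absent field takes the default, which is true.
    return sc.get("allowPrivilegeEscalation") is not False


def find_privilege_escalation_containers(controller: dict[str, Any]) -> list[str]:
    """Names of init and regular containers in the pod template that can escalate."""
    pod_spec = controller["spec"]["template"]["spec"]
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    return [c["name"] for c in containers if effective_allow_privilege_escalation(c)]


def harden(controller: dict[str, Any]) -> dict[str, Any]:
    """Apply the page's mitigation on a copy: set allowPrivilegeEscalation: false on
    every container. Privileged / CAP_SYS_ADMIN containers still escalate and need
    those settings removed separately."""
    fixed = copy.deepcopy(controller)
    pod_spec = fixed["spec"]["template"]["spec"]
    for key in ("initContainers", "containers"):
        for c in pod_spec.get(key, []):
            c.setdefault("securityContext", {})["allowPrivilegeEscalation"] = False
    return fixed


# Constructed sample: "web" relies on the default, "sidecar" is already fixed,
# "init" sets the flag to false but is privileged, so it can still escalate.
SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "example"},
    "spec": {"template": {"spec": {
        "initContainers": [{"name": "init", "image": "busybox",
                            "securityContext": {"privileged": True,
                                                "allowPrivilegeEscalation": False}}],
        "containers": [{"name": "web", "image": "nginx"},
                       {"name": "sidecar", "image": "envoy",
                        "securityContext": {"allowPrivilegeEscalation": False}}]}}},
}

if __name__ == "__main__":
    print("before:", find_privilege_escalation_containers(SAMPLE_DEPLOYMENT))  # ['init', 'web']
    print("after: ", find_privilege_escalation_containers(harden(SAMPLE_DEPLOYMENT)))  # ['init']
```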