Lateral movement

Controller creating pods without Security Context

Platform(s)
  • N/A

Compliance Frameworks

Description

A security context defines the operating system security settings (uid, gid, capabilities, SELinux role, etc..) applied to a container. There are two levels of security context: pod level security context, and container level security context. Orca has detected that the {K8sController} controller creates pods without the SecurityContext property.