kube-hunter/docs/_kb/KHV044.md
2022-03-25 09:03:43 +00:00

---
vid: KHV044
title: Privileged Container
categories: [Access Risk]
severity: high
---

# {{ page.vid }} - {{ page.title }}

## Issue description

A privileged container runs with every Linux capability and with access to all devices on the host: the node's `/dev` is exposed to it and the usual masking of sensitive `/proc` and `/sys` paths is disabled, so it can act at the kernel level (load kernel modules, mount the node's filesystem, and break out to the node). It is enabled per container with the `Pod.spec.containers[].securityContext.privileged` attribute; the same field exists on init containers and ephemeral containers. This is occasionally needed for infrastructure containers that perform setup work on the node, but a compromise of any privileged container is a compromise of the node it runs on, which makes it a dangerous attack vector.
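The quickest check for this finding on a running cluster is to audit every admitted pod for `privileged: true` in all three container lists, since a privileged init or ephemeral container is as much of a node compromise as a privileged app container. The script below is an added example and not part of kube-hunter; it reads the JSON that `kubectl get pods -A -o json` prints on stdin, and when nothing is piped in it audits a constructed sample pod list with made-up names instead.

```python
"""Audit pods for privileged containers (KHV044).

Added example, not part of kube-hunter. Reads the JSON that
`kubectl get pods -A -o json` prints on stdin; when no input is piped
in, it audits the constructed SAMPLE_POD_LIST below instead.
"""
import json
import sys

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
# Pod, container and image names are made up for this example.
SAMPLE_POD_LIST = {
    "kind": "PodList",
    "items": [
        {   # infrastructure pod: privileged app container
            "metadata": {"namespace": "kube-system", "name": "node-setup"},
            "spec": {"containers": [
                {"name": "setup", "image": "example/setup",
                 "securityContext": {"privileged": True}}]},
        },
        {   # ordinary workload: privileged explicitly false
            "metadata": {"namespace": "default", "name": "web"},
            "spec": {"containers": [
                {"name": "web", "image": "example/web",
                 "securityContext": {"privileged": False}}]},
        },
        {   # privilege hidden in an init container; the app container is fine
            "metadata": {"namespace": "default", "name": "debug"},
            "spec": {
                "initContainers": [
                    {"name": "modprobe", "image": "example/tools",
                     "securityContext": {"privileged": True}}],
                "containers": [{"name": "app", "image": "example/app"}],
            },
        },
    ],
}

# privileged is a per-container field; a pod-level securityContext cannot
# set it, so every container list in the spec has to be checked.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def privileged_containers(pod):
    """Return [(field, container name)] for each container with privileged: true."""
    spec = pod.get("spec") or {}
    found = []
    for field in CONTAINER_FIELDS:
        for c in spec.get(field) or []:
            sc = c.get("securityContext") or {}
            if sc.get("privileged") is True:
                found.append((field, c.get("name", "<unnamed>")))
    return found


def audit(pod_list):
    """Return [(namespace, pod, field, container)] for every privileged container."""
    findings = []
    for pod in pod_list.get("items") or []:
        meta = pod.get("metadata") or {}
        ns = meta.get("namespace", "default")
        for field, cname in privileged_containers(pod):
            findings.append((ns, meta.get("name", "<unnamed>"), field, cname))
    return findings


def main():
    raw = ""
    if sys.stdin is not None and not sys.stdin.isatty():
        raw = sys.stdin.read()
    pod_list = json.loads(raw) if raw.strip() else SAMPLE_POD_LIST
    findings = audit(pod_list)
    for ns, pod, field, cname in findings:
        print(f"{ns}/{pod}: {field}[{cname}] runs privileged")
    print(f"{len(findings)} privileged container(s) found")


if __name__ == "__main__":
    main()
```

Run it as `kubectl get pods -A -o json | python3 audit_privileged.py` (the file name is whatever you save it as). On the sample it reports `kube-system/node-setup` and the init container of `default/debug`, and not `default/web`. The audit only covers pods that were already admitted; stopping new privileged pods is the job of admission control, as described under Remediation.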

## Remediation

Minimize the use of privileged containers. Most workloads that request `privileged: true` only need one or two specific capabilities (`securityContext.capabilities.add`) or access to a single host device, which can be granted without handing over the whole node.

Enforce `privileged: false` with admission control. Pod Security Policies can do this on clusters that still have them, but PSP was deprecated in Kubernetes 1.21 and removed in 1.25; on current clusters use Pod Security Admission, whose `baseline` and `restricted` profiles both reject privileged containers (label the namespace with `pod-security.kubernetes.io/enforce: baseline` or `restricted`), or an equivalent policy admission controller.

## References