Terraform Privileged True In Security Context
Description
Detects Kubernetes container configurations that use privileged security contexts in Terraform code. Running containers in privileged mode gives them elevated access to the host system resources, which breaks container isolation and can lead to host system compromise if the container is breached.
Detection Strategy
• Scan Terraform configuration files that define Kubernetes resources (like Deployments, StatefulSets, DaemonSets)
• Look for container specifications within these resources that contain security context configurations
• Check whether the security context sets privileged = true (the HCL form of the manifest's 'privileged: true')
• Report a vulnerability when containers are configured to run in privileged mode
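As an added illustration of the strategy above (example code, not Fluid Attacks' own scanner), a minimal line-based Python checker that tracks HCL block nesting, treats `labels = {` as a map value rather than a block, and only flags `privileged = true` when it sits inside a container's security_context. The sample configuration is constructed for the example.

```python
import re
RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{$')
BLOCK_RE = re.compile(r'^\s*(\w+)\s*\{$')      # nested block, e.g.  spec {
MAP_RE = re.compile(r'^\s*\w+\s*=\s*\{$')      # map attribute, e.g. labels = {
PRIV_RE = re.compile(r'^\s*privileged\s*=\s*true$')

def find_privileged(hcl):
    # (resource_type, resource_name, line_no) per `privileged = true` in a container security_context
    findings, stack, resource = [], [], ("", "")
    for no, line in enumerate(hcl.splitlines(), start=1):
        code = line.split("#", 1)[0].rstrip()          # drop trailing comments
        if m := RESOURCE_RE.match(code):
            resource = (m.group(1), m.group(2))
            stack.append("resource")
        elif MAP_RE.match(code):
            stack.append("<map>")    # `labels = {` opens a value, not a block
        elif m := BLOCK_RE.match(code):
            stack.append(m.group(1))
        elif code.strip() == "}" and stack:
            stack.pop()
        elif PRIV_RE.match(code) and stack[-1:] == ["security_context"] \
                and "container" in stack:
            findings.append((resource[0], resource[1], no))
    return findings
# Constructed sample: one privileged pod, one with the flag explicitly false.
SAMPLE_HCL = """\
resource "kubernetes_pod" "vulnerable" {
  metadata {
    labels = {
      app = "web"
    }
  }
  spec {
    container {
      security_context {
        privileged = true  # flagged
      }
    }
  }
}
resource "kubernetes_pod" "secure" {
  spec {
    container {
      security_context {
        privileged = false
      }
    }
  }
}"""
```

Running `find_privileged(SAMPLE_HCL)` reports only the first resource, at the line carrying `privileged = true`; a pod-level security_context without an enclosing container block is not flagged.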
Vulnerable code example
resource "kubernetes_pod" "example" {
  metadata {
    name = "vulnerable-pod"
  }
  spec {
    container {
      name  = "vulnerable-container"
      image = "nginx"
      # privileged = true removes the container's isolation from the host
      security_context {
        privileged = true
      }
    }
  }
}
✅ Secure code example
resource "kubernetes_pod" "example" {
  metadata {
    name = "secure-pod"
    labels = {
      app = "web"
    }
  }
  spec {
    container {
      name  = "secure-container"
      image = "nginx"
      # keep the container unprivileged (the default, stated explicitly)
      security_context {
        privileged = false
      }
    }
  }
}