Json Yaml Allow Privilege Escalation True
Description
Detects Kubernetes containers whose security context sets allowPrivilegeEscalation to true or leaves it unset (in which case it is enabled by default). Leaving escalation enabled lets a container process gain more privileges than its parent process, which violates security best practices and the principle of least privilege.
Detection Strategy
• Check container specification in Kubernetes manifests for securityContext configuration
• Report a vulnerability if allowPrivilegeEscalation is set to true
• Report a vulnerability if allowPrivilegeEscalation is missing from the securityContext (since it defaults to true)
• Examine both pod-level and container-level security contexts for these conditions
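The detection strategy above as an added example (written for this note, not Fluid Attacks' own scanner): it walks a manifest's containers, reports the field when it is true or absent, and, going beyond the page, also looks into initContainers, ephemeralContainers and workload kinds that wrap a pod template, and flags `privileged: true`, which Kubernetes treats as escalation allowed. The sample manifests are constructed inline as JSON (valid YAML); a dict from `yaml.safe_load()` is checked the same way.

```python
"""Checks Kubernetes manifests for containers that keep allowPrivilegeEscalation
enabled, explicitly or by default (added example; not Fluid Attacks' own code).
Sample manifests are constructed inline as JSON, which is valid YAML, so the
checker works unchanged on the dict that yaml.safe_load() returns for a file."""
from __future__ import annotations
import json
from typing import Any

# Workload kinds that carry the pod spec under spec.template.spec
TEMPLATED_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}


def pod_spec(manifest: dict[str, Any]) -> dict[str, Any]:
    """Locate the pod spec in a bare Pod or in a templated workload."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") in TEMPLATED_KINDS:
        return spec.get("template", {}).get("spec", {})
    return spec


def find_privilege_escalation(manifest: dict[str, Any]) -> list[tuple[str, str]]:
    """Return (container name, reason) for each container that can still gain
    privileges: the field is true, absent (defaults to true), or overridden by
    privileged: true (the API server rejects a false value next to it)."""
    findings = []
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for container in pod_spec(manifest).get(field, []):
            name = container.get("name", "<unnamed>")
            ctx = container.get("securityContext") or {}
            if ctx.get("privileged") is True:
                findings.append((name, "privileged: true implies allowPrivilegeEscalation"))
            elif "allowPrivilegeEscalation" not in ctx:
                findings.append((name, "allowPrivilegeEscalation not set (defaults to true)"))
            elif ctx["allowPrivilegeEscalation"] is True:
                findings.append((name, "allowPrivilegeEscalation: true"))
    return findings


# Constructed samples: the page's vulnerable pod, and a Deployment hardened per container
VULNERABLE_POD = json.loads(
    '{"apiVersion":"v1","kind":"Pod","metadata":{"name":"vulnerable-pod"},'
    '"spec":{"containers":[{"name":"container1","image":"nginx"}]}}')
SECURE_DEPLOYMENT = json.loads(
    '{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"name":"secure-app"},'
    '"spec":{"template":{"spec":{"initContainers":[{"name":"init","image":"busybox",'
    '"securityContext":{"allowPrivilegeEscalation":false}}],"containers":[{"name":"app",'
    '"image":"nginx","securityContext":{"allowPrivilegeEscalation":false}}]}}}}')
```

Running `find_privilege_escalation(VULNERABLE_POD)` reports `container1` because the field is missing, while the hardened Deployment yields no findings.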
Vulnerable code example
apiVersion: v1
kind: Pod
metadata:
  name: vulnerable-pod
spec:
  containers:
    - name: container1
      image: nginx...
✅ Secure code example
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  automountServiceAccountToken: false # Prevent access to K8s API by default
  securityContext:
    seccompProfile:...