Json Yaml Security Context Privileged True
Description
Detects Kubernetes containers configured to run with privileged access through securityContext.privileged=true setting. Privileged containers pose a critical security risk as they can access host resources and escape container isolation, potentially compromising the entire host system.
Detection Strategy
• Scans Kubernetes manifest files and configuration
• Identifies container specifications within the configuration
• Checks if securityContext is defined for containers
• Verifies if privileged flag is set to true in securityContext
• Reports a vulnerability when a container has privileged=true
Vulnerable code example
apiVersion: v1
kind: Pod
metadata:
name: vulnerable-pod
spec:
containers:
- name: nginx
image: nginx...✅ Secure code example
apiVersion: v1
kind: Pod
metadata:
name: secure-pod
labels:
app: web
spec:
automountServiceAccountToken: false # Prevent access to K8s API credentials...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.