Excessive Privileges - Kubernetes
Description
Kubernetes default configuration is overly permissive, allowing users to escalate privileges or execute commands as privileged users.
Impact
Gain total control over one or more Pods.
Recommendation
Set a strict security policy that disables potentially harmful actions and restricts user permissions.
Threat
Authenticated attacker with local access to a Pod or container.
Expected Remediation Time
⏱️ 30 minutes.
Details
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
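A check of Pod manifests against fields of the restricted Pod Security Standard linked above, added here as an example that is not part of the original page. The function name `audit_pod` and both sample Pods are constructed for illustration, and the check covers a subset of the profile's controls.

```python
import json

# Constructed sample Pods (not from the page), shaped like `kubectl get pod -o json`.
PERMISSIVE = json.loads("""{"metadata": {"name": "web-default"},
  "spec": {"hostPID": true, "containers": [
    {"name": "app", "securityContext": {"privileged": true}}]}}""")
HARDENED = json.loads("""{"metadata": {"name": "web-restricted"},
  "spec": {"securityContext": {"runAsNonRoot": true,
                               "seccompProfile": {"type": "RuntimeDefault"}},
           "containers": [{"name": "app", "securityContext": {
               "allowPrivilegeEscalation": false,
               "capabilities": {"drop": ["ALL"]}}}]}}""")


def audit_pod(pod):
    """List the settings that make this Pod looser than the 'restricted' profile."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = [f"spec.{k} is true"
                for k in ("hostNetwork", "hostPID", "hostIPC") if spec.get(k)]
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        caps = sc.get("capabilities") or {}
        where = f"container {c['name']}"
        if sc.get("privileged"):
            findings.append(f"{where}: privileged is true")
        # Unset counts as a finding: the profile requires an explicit false.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{where}: allowPrivilegeEscalation is not false")
        # A container-level value overrides the pod-level one.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{where}: runAsNonRoot is not true")
        if sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
            findings.append(f"{where}: runAsUser is 0")
        if "ALL" not in (caps.get("drop") or []):
            findings.append(f"{where}: capabilities.drop lacks ALL")
        if set(caps.get("add") or []) - {"NET_BIND_SERVICE"}:
            findings.append(f"{where}: adds capabilities beyond NET_BIND_SERVICE")
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append(f"{where}: seccompProfile is not RuntimeDefault/Localhost")
    return findings


if __name__ == "__main__":
    for pod in (PERMISSIVE, HARDENED):
        print(pod["metadata"]["name"], audit_pod(pod) or "OK")
```

The same requirements can be enforced at admission time by labelling a namespace with `pod-security.kubernetes.io/enforce: restricted`.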
Requirements
095 - Define users with privileges
096 - Set user's required privileges
186 - Use the principle of least privilege
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector: L
Attack complexity: L
Attack requirements: N
Privileges required: L
User interaction: N
Confidentiality (VC): L
Integrity (VI): L
Availability (VA): L
Confidentiality (SC): N
Integrity (SI): N
Availability (SA): N
Threat 4.0
Exploit maturity: U
Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U