Excessive Privileges - Kubernetes
Description
Kubernetes default configuration is overly permissive, allowing users to escalate privileges or execute commands as privileged users.
Impact
Gain total control over one or more PoDs.
Recommendation
Set strict security policy disabling potentially harmful actions and restricting the user permissions.
Threat
Authenticated attacker with local access to PoD or container.
Expected Remediation Time
⏱️ 30 minutes.
Details
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
Requirements
095 - Define users with privileges096 - Set user's required privileges186 - Use the principle of least privilegeRules
Json Yaml Capabilities Add Sys AdminJson Yaml Run As User Below 10000Json Yaml Hostpath Volume MountTerraform Host Process EnabledTerraform Allow Privilege Escalation EnabledTerraform Unconfined Seccomp ProfileTerraform Missing Security ContextTerraform Run As User Too LowJson Yaml Missing Drop AllJson Yaml Sa Token EnabledTerraform Missing Drop All CapabilityTerraform Privileged True In Security ContextJson Yaml Read Only Root Filesystem FalseJson Yaml Capability Net Bind Service GrantedJson Yaml Allow Privilege Escalation TrueJson Yaml Seccomp Profile UnconfinedTerraform Missing Read Only Root FilesystemJson Yaml Run As Non Root MissingJson Yaml Windows Hostprocess EnabledJson Yaml Security Context Privileged TrueTerraform Automount Token EnabledTerraform Sys Admin Capability AddedTerraform Run As Non Root FalseTerraform Missing Security Context CapabilitiesTerraform Host Path Volume ProhibitedJson Yaml Missing Container SecuritycontextFixes