🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Filesystem Writable

By default, containers are allowed to make modification to files. This unnecessary privilege increases the cluster attack surface as commonly containers do not need a writable filesystem.

Remediation

The following example makes the root file system read only.

apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
      - name: app
        securityContext:
          readOnlyRootFilesystem: true

Metadata

  • Severity: informational
  • Slug: filesystem-writable

CWEs

  • 269: Improper Privilege Management

OWASP

  • A04:2021: Insecure Design
  • A05:2021: Security Misconfiguration

Available Labs

Select a language to explore available labs for this vulnerability.

No matching labs found

Try adjusting your language filter.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.