🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Root Container in Kubernetes

Container in a kubernetes can run as root. This introduces specific security risks if an attacker gains access to the container. Containers should be run as a non-root user with the minimum required permissions (principle of least privilege).

Remediation

apiVersion: apps/v1
kind: Deployment
spec:
  template: #PodTemplateSpec
    spec: #PodSpec
      securityContext: #PodSecurityContext
        runAsNonRoot: true
      containers:
      - name: myContainer

Metadata

  • Severity: high
  • Slug: root-container-in-kubernetes

CWEs

  • 269: Improper Privilege Management

OWASP

  • A04:2021: Insecure Design

Available Labs

Select a language to explore available labs for this vulnerability.

No matching labs found

Try adjusting your language filter.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.