🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Root Container in Kubernetes

Container in a kubernetes can run as root. This introduces specific security risks if an attacker gains access to the container. Containers should be run as a non-root user with the minimum required permissions (principle of least privilege).

Remediation

apiVersion: apps/v1
kind: Deployment
spec:
  template: #PodTemplateSpec
    spec: #PodSpec
      securityContext: #PodSecurityContext
        runAsNonRoot: true
      containers:
      - name: myContainer

Metadata

  • Severity: high
  • Slug: root-container-in-kubernetes

CWEs

  • 269: Improper Privilege Management

OWASP

  • A04:2021: Insecure Design

Available Labs

Open Kubernetes labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.