Publicly available application running in risky container allowing escape to privileged node

Set up the Kubernetes integration.


Description

A critical vulnerability has been discovered in a publicly exposed application running within a high-risk container. If exploited, it could lead to a container escape, potentially escalating to privileged access on the associated cloud node. This poses a severe security risk, as it could grant an attacker unauthorized control over your cloud resources.

Remediation

  1. Revisit your Kubernetes pod and container configurations. Avoid containers that run as root, and enforce security practices with Kubernetes Pod Security Policies (or Pod Security Admission, which replaces them in Kubernetes 1.25 and later), SELinux, AppArmor, or Seccomp.
  2. Review and limit the cloud node's privileged permissions, adhering to the principle of least privilege.
  3. Follow cloud-specific node hardening best practices: keep your OS and Kubernetes platform up to date, and remove unnecessary services.
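As an added example (not part of this finding or of Datadog's own tooling), a small Python checker that flags the pod settings step 1 warns about and produces a hardened copy of the manifest. The sample pod, the `DANGEROUS_CAPS` set and the `HARDENED_SC` template are constructed for illustration.

```python
import copy
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}  # illustrative set
# Restrictive per-container securityContext matching the remediation steps above.
HARDENED_SC = {
    "runAsNonRoot": True, "privileged": False, "allowPrivilegeEscalation": False,
    "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]},
    "seccompProfile": {"type": "RuntimeDefault"},
}

def risky_settings(pod: dict) -> list:
    """Findings for a Pod manifest (dict form) that make escape to the node plausible."""
    findings, spec = [], pod.get("spec", {})
    for ns in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(ns):
            findings.append(f"pod shares {ns} with the node")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"volume {vol['name']} mounts node path {vol['hostPath'].get('path')}")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name, sc = c.get("name", "?"), c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes default is true
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
        if not sc.get("runAsNonRoot"):
            findings.append(f"{name}: runAsNonRoot not enforced")
        for cap in sorted(set(sc.get("capabilities", {}).get("add", [])) & DANGEROUS_CAPS):
            findings.append(f"{name}: adds capability {cap}")
        if sc.get("seccompProfile", {}).get("type") in (None, "Unconfined"):
            findings.append(f"{name}: no seccomp profile")
    return findings

def harden(pod: dict) -> dict:
    """Copy of the pod with host namespaces and hostPath volumes removed, HARDENED_SC applied."""
    fixed = copy.deepcopy(pod)
    spec = fixed["spec"]
    for ns in ("hostPID", "hostNetwork", "hostIPC"):
        spec.pop(ns, None)
    host_vols = {v["name"] for v in spec.get("volumes", []) if "hostPath" in v}
    spec["volumes"] = [v for v in spec.get("volumes", []) if v["name"] not in host_vols]
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        c["securityContext"] = copy.deepcopy(HARDENED_SC)  # add runAsUser if the image has no non-root default
        c["volumeMounts"] = [m for m in c.get("volumeMounts", []) if m["name"] not in host_vols]
    return fixed

# Constructed sample: a public web app deployed with "just make it work" settings.
RISKY_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"}, "spec": {
    "hostPID": True, "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
    "containers": [{"name": "app", "image": "example/web:1.0",
                    "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
                    "volumeMounts": [{"name": "host-root", "mountPath": "/host"}]}]}}
```

Run `risky_settings` over manifests exported with `kubectl get pod -o json` (loaded with `json.load`) to triage existing workloads; `harden` removes hostPath mounts outright, so review whether the application genuinely needs any of them before applying the result.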