Application with critical vulnerability running in risky container allowing escape to privileged node
Set up the Kubernetes integration.
Description
A critically vulnerable application detected running in a high-risk container (for example, one that is privileged or runs as root) can be exploited to escape the container and gain unauthorized control of the node. This escalates the security risk, because the compromised node exposes the rest of the cloud environment to further breaches.
- Apply available patches to the vulnerable application.
- Review Kubernetes pod/container security contexts. Avoid root containers, enforce pod security standards (Pod Security Admission on current clusters; PodSecurityPolicy was removed in Kubernetes 1.25), and use features like SELinux, AppArmor, or seccomp for stronger control.
- Follow cloud-specific (AWS, GCP, Azure) node hardening best practices. Keep OS and Kubernetes platform updated, and eliminate insecure services.
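The security-context review above can be scripted. The following added example (not Datadog's own detection logic) walks a pod spec already parsed into a dict (for example from `kubectl get pod -o json`) and reports the settings that weaken the container boundary; the sample pods, the function name `risky_settings`, and the image names are constructed for illustration.

```python
# Added example (not Datadog's own detection logic): flag the container and
# pod settings that weaken the container boundary, given a pod spec already
# parsed into a dict (e.g. from `kubectl get pod -o json`).
from typing import Dict, List

# Constructed sample: a root, privileged container sharing the node's PID
# namespace and mounting the node's root filesystem.
RISKY_POD = {"metadata": {"name": "legacy-app"}, "spec": {
    "hostPID": True,
    "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
    "containers": [{"name": "app", "image": "example/legacy-app:1.0",
        "volumeMounts": [{"name": "host", "mountPath": "/host"}],
        "securityContext": {"privileged": True, "runAsUser": 0,
                            "allowPrivilegeEscalation": True}}]}}

# Constructed sample: the same workload, patched and with a hardened context.
HARDENED_POD = {"metadata": {"name": "patched-app"}, "spec": {
    "containers": [{"name": "app", "image": "example/legacy-app:1.1",
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]},
                            "seccompProfile": {"type": "RuntimeDefault"}}}]}}


def risky_settings(pod: Dict) -> List[str]:
    """Return one finding per setting that makes a node escape easier."""
    spec = pod.get("spec", {})
    findings = []
    for ns in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(ns):
            findings.append(f"pod shares the node's {ns} namespace")
    if any("hostPath" in v for v in spec.get("volumes", [])):
        findings.append("pod mounts a hostPath volume from the node")
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []):
        # Container-level fields override pod-level ones where both are allowed.
        sc = {**pod_sc, **c.get("securityContext", {})}
        name = c["name"]
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        if not sc.get("runAsNonRoot") and sc.get("runAsUser", 0) == 0:
            findings.append(f"{name}: may run as root (runAsUser 0 or unset)")
        if sc.get("seccompProfile", {}).get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append(f"{name}: no seccomp profile applied")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: Linux capabilities are not dropped")
    return findings
```

Run it over every pod in the cluster to find the containers where a critical application vulnerability would turn into a node compromise; the hardened spec produces no findings.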