Publicly accessible application in container with elevated privileges

Set up the kubernetes integration.

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

Granting excessive capabilities to a pod or container can lead to unintended lateral movement to other containers or to the underlying node resources.

Remediation

  1. Review any associated vulnerability references or advisories.
  2. Apply the appropriate patch based on remediation guidance. If no patch is available, apply compensating controls such as disabling or removing the vulnerable component.
  3. Review your Kubernetes pod or container security context configurations to ensure they provide proper isolation boundaries. Possible mitigations include using Kubernetes Pod Security Policies, SELinux, AppArmor, or Seccomp filters.
PREVIEWING: may/unit-testing