Remote code execution (RCE) due to privileged container configuration in Kubernetes Pod spec

Critical Risk infrastructure-security

What it is

Remote code execution (RCE) inside a container that runs with privileged: true could let attackers control the host, escape container isolation, access host devices, and alter system configuration.

Why it happens

Setting privileged: true during development for convenience and not removing it for production.

Root causes

Default Privileged Configuration

Setting privileged: true during development for convenience and not removing it for production.

Container Debugging Requirements

Running containers as privileged to access host-level debugging tools or system resources.

Legacy Application Dependencies

Maintaining privileged mode for older applications that assume root access or host capabilities.

Fixes

1. Remove Privileged Flag

Set privileged: false, or remove the privileged field entirely, in the container's securityContext in the Pod spec.

2. Use Specific Capabilities

Instead of privileged mode, add only the specific capabilities needed using securityContext.capabilities.add.

3. Implement Pod Security Standards

Use Kubernetes Pod Security Standards (restricted profile) to prevent privileged containers cluster-wide.
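
The three fixes above, applied to one manifest. This is an added example, not configuration from Sourcery or from any real cluster; the Pod names, the prod namespace, the image reference and the need for NET_BIND_SERVICE are assumptions made for illustration.

```yaml
# BEFORE (the flagged pattern): privileged mode grants every capability and
# access to host devices. With the Namespace label at the bottom enforced,
# the API server rejects this Pod at admission.
apiVersion: v1
kind: Pod
metadata:
  name: web-privileged          # hypothetical name
  namespace: prod               # hypothetical namespace
spec:
  containers:
    - name: web
      image: registry.example.com/web:1.0   # placeholder image
      securityContext:
        privileged: true
---
# AFTER: fixes 1 and 2. These settings also satisfy the restricted profile.
apiVersion: v1
kind: Pod
metadata:
  name: web-hardened            # hypothetical name
  namespace: prod
spec:
  containers:
    - name: web
      image: registry.example.com/web:1.0   # placeholder image
      securityContext:
        privileged: false                   # fix 1 (omitting the field is equivalent)
        allowPrivilegeEscalation: false
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
        capabilities:
          drop: ["ALL"]                     # start from no capabilities
          add: ["NET_BIND_SERVICE"]         # fix 2: the one capability this workload is assumed to need
---
# Fix 3: Pod Security Admission enforces the restricted profile for the namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: prod
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/warn: restricted
```

Pod Security Admission labels apply per namespace, so cluster-wide coverage means labeling every namespace that runs workloads. NET_BIND_SERVICE is the only capability the restricted profile permits in capabilities.add.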

Detect This Vulnerability in Your Code

Sourcery automatically identifies remote code execution (RCE) due to privileged container configuration in Kubernetes Pod specs and many other security issues in your codebase.