Kubernetes RBAC Privilege Escalation

Cloud Identity and Access Management (IAM) roles and policies configured with excessive permissions that violate the principle of least privilege. This includes roles with administrative access, wildcard permissions, or broad resource access that increases the attack surface and potential for privilege escalation across AWS, Azure, and Google Cloud Platform.

A critical security vulnerability where Docker containers are executed with the --privileged flag, granting them root-level access to the host system. This breaks container isolation, allowing containers to access all devices, mount filesystems, load kernel modules, and potentially escape to the host system. Privileged containers essentially run with the same security context as the Docker daemon itself.

A high-severity security vulnerability where Kubernetes pods use the default service account which often has overly broad permissions or access to sensitive cluster resources. Default service accounts are automatically assigned to pods unless explicitly overridden, and they frequently inherit cluster-wide permissions that violate the principle of least privilege. This can lead to privilege escalation, unauthorized access to secrets, and potential cluster compromise.

Kubernetes pods deployed without proper security context configurations, allowing containers to run with excessive privileges, as root user, or with dangerous capabilities. These misconfigurations can lead to container escape, privilege escalation, and compromise of the underlying node and cluster.