Skip to content
Nuclei Templates

Containers run with allowPrivilegeEscalation enabled

ID: k8s-allow-privilege-escalation-set

Severity: critical

Author: princechaddha

Tags: cloud,devops,kubernetes,security,devsecops,containers,k8s,k8s-cluster-security

Description

Section titled “Description”

Checks for containers running with the allowPrivilegeEscalation flag enabled, which can increase security risks by allowing privileges to be escalated

YAML Source

Section titled “YAML Source”
id: k8s-allow-privilege-escalation-set


info:
  name: Containers run with allowPrivilegeEscalation enabled
  author: princechaddha
  severity: critical
  description: Checks for containers running with the allowPrivilegeEscalation flag enabled, which can increase security risks by allowing privileges to be escalated
  impact: |
    Enabling allowPrivilegeEscalation in container deployments can result in elevated privileges, potentially allowing attackers to gain further access to host resources. This poses significant security risks.
  remediation: Ensure that the allowPrivilegeEscalation flag is set to false in all container configurations to minimize security risks
  reference:
    - https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  tags: cloud,devops,kubernetes,security,devsecops,containers,k8s,k8s-cluster-security


flow: |
  code(1);
  for (let container of template.items) {
    set("container", container)
    javascript(1);
  }


self-contained: true
code:
  - engine:
      - sh
      - bash
    source: kubectl get pods --all-namespaces --output=json
    extractors:
      - type: json
        name: items
        internal: true
        json:
          - '.items[] | {pod: .metadata.name, containers: .spec.containers}'


javascript:
  - code: |
        let podData = JSON.parse(template.container);
        podData.containers.forEach(container => {
          if (container.securityContext && container.securityContext.allowPrivilegeEscalation === true) {
            let result = (`Container '${container.name}' in pod '${podData.pod}' running with allowPrivilegeEscalation enabled.`);
            Export(result);
          }
        });




    extractors:
      - type: dsl
        dsl:
          - response
# digest: 4a0a0047304502202a429cde4b8fa211681a05274c7f415478742d7759267a1f68169a7e385a7759022100818f20a09ec427a2a2befa5528f3075acc4abae50aef7a0ae372cee4bcf10e8f:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "cloud/kubernetes/pods/k8s-allow-privilege-escalation-set.yaml"

View on Github