Homepage
About Snyk

Container does not drop all default capabilities Affecting Deployment service in Kubernetes

medium

    Is your enviroment affected by this misconfiguration?

    In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

    Test your applications
      Frameworks
      CIS-Controls CSA-CCM
    • Snyk ID SNYK-CC-K8S-6
    • credit Snyk Research Team
    Report a new misconfiguration Found a mistake?

    Description

    Containers are running with potentially unnecessary privileges

    How to fix?

    Add ALL to securityContext.capabilities.drop list, and add only required capabilities in securityContext.capabilities.add