Container is running with SYS_ADMIN capability Affecting Deployment service in Kubernetes


Severity

0.0
medium
0
10
    Severity Framework
    Snyk CCSS
    Rule category
    Containers / Best Practices

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
    Frameworks
    CIS-Controls CSA-CCM
  • Snyk ID SNYK-CC-00611
  • credit Snyk Research Team

Description

SYS_ADMIN capability grants the container almost full administrative privileges.

How to fix?

Remove SYS_ADMIN from securityContext.capabilities.add list.

Terraform