Container is running with writable root filesystem Affecting Deployment service in Kubernetes

Snyk CCSS

Containers / Configuration

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls

Snyk ID SNYK-CC-00612
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Compromised process could abuse writable root filesystem to elevate privileges.

How to fix?

Set securityContext.readOnlyRootFilesystem to true.

Terraform

References

security-best-practices-kubernetes-deployment