Running Containers as Root
Allowing containers to run as root increases the attack surface. If a container is compromised, an attacker may escalate privileges and access sensitive host resources.
Compromised containers can lead to unauthorized control of the cluster or host, enabling privilege escalation attacks.
Attackers may exploit vulnerabilities to gain access to the host, leading to potential data breaches or unauthorized control of cluster resources.
Use of Unverified and Outdated Images
Using untrusted or outdated container images introduces security vulnerabilities into the cluster. If images are not verified or scanned, they may contain known vulnerabilities or malicious code.
Unverified images could contain backdoors, malware, or vulnerabilities that expose the cluster to attacks.
Outdated or compromised images can lead to cluster-wide security breaches, allowing attackers to exploit vulnerabilities in the software stack.
Insecure Container Configuration
Using privileges such as the --privileged flag, mounting sensitive host directories, or allowing write access to critical files increases the risk of compromising the container and host systems.
Privileged containers and insecure mounts expose sensitive host resources to containers, which could lead to data leaks or system compromise.
Attackers may leverage insecure configurations to access host directories, modify system files, or install malicious software.
