A container sets allowPrivilegeEscalation: true, or leaves it unset, which defaults to true. This lets a process in the container gain more privileges than its parent process and can aid container escape.
Warning
N/A
- Report shows: Container <name> allows privilege escalation
- securityContext.allowPrivilegeEscalation is true or not set
- Set allowPrivilegeEscalation: false unless the workload has a documented need for it
- Combine with runAsNonRoot and dropped capabilities for defense in depth
- Use Pod Security Standards (e.g. the restricted profile) to enforce a default of false
- Audit existing pods and either fix them or document each justified exception
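As an added example, not part of the original finding text: a Python check over a parsed Pod manifest that flags containers where the field is true or unset (init containers included) and a helper that applies the remediation above. The manifest is constructed; the rule that a privileged container always allows escalation follows the Kubernetes API semantics for the field.

```python
import copy
# Constructed example, as a Pod manifest looks after parsing its YAML into a dict.
SAMPLE_POD = {
    "kind": "Pod", "metadata": {"name": "demo"},
    "spec": {
        "initContainers": [
            {"name": "init-unset", "image": "busybox"},  # no securityContext: defaults to true
        ],
        "containers": [
            {"name": "web-explicit-true", "image": "nginx",
             "securityContext": {"allowPrivilegeEscalation": True}},
            {"name": "api-hardened", "image": "api",
             "securityContext": {"allowPrivilegeEscalation": False, "runAsNonRoot": True,
                                 "capabilities": {"drop": ["ALL"]}}},
        ],
    },
}

def allows_privilege_escalation(container):
    """True when the container's processes may gain more privileges than their parent."""
    sc = container.get("securityContext") or {}
    if sc.get("privileged") is True:  # a privileged container always allows escalation
        return True
    return sc.get("allowPrivilegeEscalation") is not False  # unset defaults to true

def report(pod):
    """One finding line per offending container; init containers are checked too."""
    findings = []
    for field in ("initContainers", "containers"):
        for c in pod.get("spec", {}).get(field, []):
            if allows_privilege_escalation(c):
                findings.append(f"Container {c['name']} allows privilege escalation")
    return findings

def harden(container):
    """Copy of the container with escalation disabled plus the defense-in-depth settings."""
    fixed = copy.deepcopy(container)
    sc = fixed.setdefault("securityContext", {})
    sc["allowPrivilegeEscalation"] = False
    sc.setdefault("runAsNonRoot", True)
    sc.setdefault("capabilities", {})["drop"] = ["ALL"]
    return fixed

def harden_pod(pod):
    # Privileged containers are left untouched as exceptions that need manual justification.
    fixed = copy.deepcopy(pod)
    for field in ("initContainers", "containers"):
        fixed["spec"][field] = [c if (c.get("securityContext") or {}).get("privileged") is True
                                else harden(c) for c in fixed["spec"].get(field, [])]
    return fixed
```

Running report(SAMPLE_POD) lists the init container and the explicit-true container; after harden_pod the report is empty, while a privileged container would still be reported because the setting cannot take effect there.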