Back to all scenarios
Scenario #207
Security
K8s v1.21, GKE

Insufficient Pod Security Policies Leading to Privilege Escalation

Privilege escalation was possible due to insufficiently restrictive PodSecurityPolicies (PSPs).

Find this helpful?
What Happened

The PodSecurityPolicy (PSP) was not configured to prevent privilege escalation, allowing containers to run with excessive privileges and exploit vulnerabilities within the cluster.

Diagnosis Steps
  • 1Inspected the PSPs using kubectl get psp and noticed that the allowPrivilegeEscalation flag was set to true.
  • 2Cross-referenced the pod configurations and found that containers were running with root privileges and escalated privileges.
Root Cause

Insufficiently restrictive PodSecurityPolicies allowed privilege escalation.

Fix/Workaround
• Updated the PSPs to restrict privilege escalation by setting allowPrivilegeEscalation: false.
• Applied the updated policies and tested pod deployments to confirm proper restrictions.
Lessons Learned

Always configure restrictive PodSecurityPolicies to prevent privilege escalation within containers.

How to Avoid
  • 1Regularly review and apply restrictive PSPs to enforce security best practices in the cluster.
  • 2Use automated tools to enforce security policies on all pods and containers.
Previous ScenarioNext Scenario