Insufficient Pod Security Policies Leading to Privilege Escalation

Insufficiently restrictive PodSecurityPolicies (PSPs) allowed the deployment of privileged pods, which were later exploited by attackers.

Find this helpful?

What Happened

A cluster had PodSecurityPolicies enabled, but the policies were too permissive, allowing containers with root privileges and host network access. Attackers exploited these permissions to escalate privileges within the cluster.

Diagnosis Steps

1Checked the PodSecurityPolicy settings and found that they allowed privileged pods and host network access.
2Identified compromised pods that had root access and were able to communicate freely with other sensitive resources in the cluster.

Root Cause

Misconfigured PodSecurityPolicy allowed unsafe pods to be deployed with excessive privileges.

Fix/Workaround

• Updated PodSecurityPolicies to enforce stricter controls, such as disallowing privileged containers and restricting host network access.
• Applied RBAC restrictions to limit who could deploy privileged pods.

Lessons Learned

It is crucial to configure PodSecurityPolicies with the least privilege principle to prevent privilege escalation.

How to Avoid

1Use strict PodSecurityPolicies to enforce safe configurations for all pod deployments.
2Regularly audit pod configurations and PodSecurityPolicy settings to ensure compliance with security standards.

Previous Scenario Next Scenario