← all rules

iac/kubernetes/k8s-allow-privilege-escalation

allowPrivilegeEscalation enabled

mediumKubernetesiac-kubernetes

What it detects

`allowPrivilegeEscalation: true` lets a process gain more privileges than its parent (e.g. via setuid binaries). Combined with a vulnerable binary this is a path to root inside the container.

Remediation

Set `allowPrivilegeEscalation: false` in the container's securityContext.

How it runs

Run against YAML files that look like Kubernetes manifests (top-level `apiVersion:` + `kind:`). Line-based checks across multi-document files; Helm-templated lines are skipped.

Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.