Container Escape
Severity: critical
ID: container-escape
An attacker breaks out of the container's isolation boundary (kernel namespaces, cgroups, capabilities and the container's filesystem view) to read, modify or execute on the underlying host, and from there typically on every other workload sharing that node.
STRIDE categories: Elevation of Privilege, Tampering
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1611 | Escape to Host | Privilege Escalation |
Common Weakness Enumeration
Mitigating controls
ctrl-container-1: Run containers as non-root users (set runAsNonRoot: true and a non-zero runAsUser; many escape techniques require UID 0 inside the container)
ctrl-container-2: Use read-only root filesystems where possible (readOnlyRootFilesystem: true), with writable paths limited to explicit emptyDir or volume mounts
ctrl-container-3: Enforce Pod Security Standards (the restricted profile where feasible). PodSecurityPolicy was removed in Kubernetes 1.25; use the built-in Pod Security Admission or an external admission controller to reject host namespaces (hostPID, hostNetwork, hostIPC), hostPath volumes, added capabilities and allowPrivilegeEscalation: true
ctrl-container-4: Disable privileged containers (privileged: true grants all capabilities and raw access to host devices, which defeats the isolation boundary entirely)
ctrl-container-5: Use container runtime security tools (seccomp/AppArmor/SELinux profiles to restrict syscalls, plus runtime detection for host mounts, namespace changes and unexpected process execution)
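The first four controls are all settings on the Pod spec, so they can be checked mechanically before a workload is admitted. The following is an added example (not part of the original catalog page, and not the code of any product it references) that audits a Pod manifest, as the dict that `kubectl get pod -o json` would return, against those controls and reports which control ids fail. The control ids are the ones listed above; the two sample manifests are constructed for the example. The fields checked are standard Kubernetes PodSpec and SecurityContext fields; ctrl-container-5 is operational and is not checked here.

```python
"""Audit Kubernetes Pod specs against the container-escape controls above.

Added example, not part of the original catalog page. The control ids are
the ones listed on this page; the fields checked are standard PodSpec and
SecurityContext fields. ctrl-container-5 (runtime security tooling) is an
operational control and is not checked here.
"""
from typing import Any, Dict, List


def _containers(pod: Dict[str, Any]) -> List[Dict[str, Any]]:
    spec = pod.get("spec", {})
    return list(spec.get("containers", [])) + list(spec.get("initContainers", []))


def audit_pod(pod: Dict[str, Any]) -> List[str]:
    """Return findings as '<control-id>: <where>: <problem>'; empty list means compliant."""
    findings: List[str] = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    # ctrl-container-3: host namespaces and hostPath volumes are the classic
    # escape enablers that the baseline/restricted Pod Security Standards forbid.
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag) is True:
            findings.append(f"ctrl-container-3: pod: {flag}=true shares a host namespace")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            path = vol["hostPath"].get("path", "?")
            findings.append(f"ctrl-container-3: pod: hostPath volume '{vol.get('name')}' mounts {path}")

    for c in _containers(pod):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        where = f"container/{name}"

        # ctrl-container-1: container-level settings override pod-level ones.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if non_root is not True and (uid is None or uid == 0):
            findings.append(f"ctrl-container-1: {where}: may run as root (set runAsNonRoot: true)")

        # ctrl-container-2: writable root filesystem.
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"ctrl-container-2: {where}: root filesystem is writable")

        # ctrl-container-4: privileged mode.
        if sc.get("privileged") is True:
            findings.append(f"ctrl-container-4: {where}: privileged=true (full host device/capability access)")

        # ctrl-container-3: the restricted profile also requires these.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"ctrl-container-3: {where}: allowPrivilegeEscalation not set to false")
        caps = sc.get("capabilities", {})
        dropped = {x.upper() for x in caps.get("drop", [])}
        added = {x.upper() for x in caps.get("add", [])} - {"NET_BIND_SERVICE"}
        if "ALL" not in dropped:
            findings.append(f"ctrl-container-3: {where}: capabilities.drop does not include ALL")
        if added:
            findings.append(f"ctrl-container-3: {where}: adds capabilities {sorted(added)}")
    return findings


def control_ids(findings: List[str]) -> List[str]:
    """Distinct control ids that failed, sorted."""
    return sorted({f.split(":")[0] for f in findings})


# Constructed sample manifests for this example, not taken from any real cluster.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
        "containers": [{
            "name": "shell", "image": "busybox",
            "securityContext": {"privileged": True, "runAsUser": 0},
            "volumeMounts": [{"name": "host-root", "mountPath": "/host"}],
        }],
    },
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "app", "image": "example/app:1.0",
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}


if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or ["compliant"])
```

Run against the two constructed manifests, the "debug" pod fails all four of ctrl-container-1 through ctrl-container-4 (hostPID, a hostPath mount of `/`, UID 0, writable root filesystem, privileged mode, no capability drop), while the "web" pod passes cleanly. The same checks are what the restricted Pod Security Standard enforces at admission time; running them in CI on rendered manifests catches the problem before a privileged debug pod ever reaches a node.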