An application that is deployed in the cluster and is vulnerable to a remote code execution vulnerability, or a vulnerability that eventually allows code execution, enables attackers to run code in the cluster. If service account is mounted to the container (default behavior in Kubernetes), the attacker will be able to send requests to the API server using this service account credentials.
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet, services
Searching the image from pod spec in the vulnerability scan database, if there is at least one high vulnerability we raise an alert.
Patch your container with a version that does not have this vulnerability or use ARMO runtime protection (sign the workload).
Updated about 2 months ago