Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Wiz
FIN-723
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Not Verified
What It Detects
A container is running in privileged mode, granting it full access to the host's devices, kernel capabilities, and namespaces. Privileged containers effectively bypass all container isolation boundaries, allowing an attacker who compromises the container to escape to the underlying host with root-level access. This is the most critical container security misconfiguration.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Connectors
match
Wiz
Extra Data
and
[{'key': 'Key', 'value': 'wiz.no_privileged_container', 'operator': 'match'}, {'key': 'Value', 'value': 0, 'operator': 'match'}]
Remediation
×
×
×
×
×
+ Add item
Why It Matters
×
×
×
×
+ Add item
Save Changes
Export Lucidum