Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Wiz
FIN-726
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Not Verified
What It Detects
A privileged container is running on an internet-facing asset, combining the most severe container security misconfiguration with direct external network exposure. An attacker who exploits any vulnerability in the internet-facing service gains immediate access to a privileged container, enabling trivial escape to the host with full root capabilities. This represents a direct path from the internet to full host and potentially full cluster compromise.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Connectors
match
Wiz
Extra Data
and
[{'key': 'Key', 'value': 'wiz.no_privileged_container', 'operator': 'match'}, {'key': 'Value', 'value': 0, 'operator': 'match'}]
Public Facing (True/False)
==
1
Remediation
×
×
×
×
×
+ Add item
Why It Matters
×
×
×
×
+ Add item
Save Changes
Export Lucidum