Use privileged PodSecurityPolicy (deprecated)
Elevation of Privilege
Critical
Overview
| Field | Value |
|---|---|
| ID | 1078 |
| Name | Use privileged PodSecurityPolicy (deprecated) |
| Risk Category | Elevation of Privilege |
| Risk Level | Critical |
| Role Type | ClusterRole |
| API Groups | policy, extensions |
| Resources | podsecuritypolicies |
| Verbs | use |
| Tags | DeprecatedFeature, NodeAccess, PodSecurityPolicy, PrivilegeEscalation |
Description
Allows a user or service account to use a specific PodSecurityPolicy (PSP) that may grant excessive privileges (e.g., hostPath mounts, privileged mode). If the PSP is overly permissive, this leads to direct privilege escalation, because the subject can create pods that are admitted under it. (Note: PSPs were deprecated in Kubernetes 1.21 and removed in 1.25.)
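An audit sketch for this rule, added here as an illustration and not taken from the catalogue's own tooling: it lists the ClusterRoles whose `use` grant reaches a PSP that allows privileged mode or hostPath volumes. The role and PSP names and the embedded JSON are constructed sample data. The check goes slightly beyond the table above by also honouring RBAC `*` wildcards and rules without `resourceNames`, which cover every PSP.

```python
import json

# Constructed sample, shaped like `kubectl get clusterroles,podsecuritypolicies -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "PodSecurityPolicy", "metadata": {"name": "privileged"},
  "spec": {"privileged": true, "volumes": ["*"]}},
 {"kind": "PodSecurityPolicy", "metadata": {"name": "restricted"},
  "spec": {"privileged": false, "volumes": ["configMap", "secret"]}},
 {"kind": "ClusterRole", "metadata": {"name": "psp-privileged-user"},
  "rules": [{"apiGroups": ["policy"], "resources": ["podsecuritypolicies"],
             "verbs": ["use"], "resourceNames": ["privileged"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "psp-restricted-user"},
  "rules": [{"apiGroups": ["extensions"], "resources": ["podsecuritypolicies"],
             "verbs": ["use"], "resourceNames": ["restricted"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "psp-any"},
  "rules": [{"apiGroups": ["policy"], "resources": ["podsecuritypolicies"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "psp-reader"},
  "rules": [{"apiGroups": ["policy"], "resources": ["podsecuritypolicies"], "verbs": ["get"]}]}
]}
""")

def _matches(values, wanted):
    """RBAC matching: '*' covers everything, otherwise one listed value must match."""
    values = set(values or [])
    return "*" in values or bool(values & wanted)

def permissive_psps(items):
    """Names of PSPs that allow privileged mode or hostPath volumes."""
    return {i["metadata"]["name"] for i in items if i["kind"] == "PodSecurityPolicy"
            and (i["spec"].get("privileged")
                 or _matches(i["spec"].get("volumes"), {"hostPath"}))}

def risky_use_grants(items):
    """Map ClusterRole name -> sorted permissive PSPs that the role may `use`."""
    risky, findings = permissive_psps(items), {}
    for role in (i for i in items if i["kind"] == "ClusterRole"):
        for rule in role.get("rules") or []:
            if (_matches(rule.get("apiGroups"), {"policy", "extensions"})
                    and _matches(rule.get("resources"), {"podsecuritypolicies"})
                    and _matches(rule.get("verbs"), {"use"})):
                # No resourceNames means the rule covers every PSP in the cluster.
                names = set(rule.get("resourceNames") or risky)
                findings.setdefault(role["metadata"]["name"], set()).update(names & risky)
    return {name: sorted(psps) for name, psps in findings.items() if psps}

if __name__ == "__main__":
    print(risky_use_grants(SAMPLE["items"]))
```

Each flagged role still needs its ClusterRoleBindings and RoleBindings reviewed to see which subjects actually hold the grant.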