Privileged containers disable most of the security mechanisms that provide container isolation (namespaced capabilities, seccomp, AppArmor/SELinux confinement, and the device cgroup restrictions that keep host devices out of reach). Access to a privileged container therefore allows breakout to the underlying host.
Access to a privileged container can allow an attacker to obtain information from other applications running on the same machine and any data they process.
When using standard container runtimes (for example containerd or CRI-O), access to a privileged container allows easy breakout to the underlying host, which in turn gives access to all other workloads on that host and to the credentials of the node agent (the kubelet). This presents opportunities for privilege escalation, and it does so by design: privileged mode exists precisely to grant a container near host-level access, so the runtime does nothing to prevent the escalation.
Identify affected resources
This kubectl command can be used to identify any privileged containers in a cluster. Note that the jq filter must iterate over the pod list and the container list (`.items[]` and `.containers[]`); without the `[]` iterators jq cannot apply `select` to the array. Init containers are included because they run with their own securityContext, and the namespace and pod name are printed alongside the container name so the result can be acted on:
kubectl get pods --all-namespaces -o json | jq -r '.items[] | . as $pod | (.spec.containers[], .spec.initContainers[]?) | select(.securityContext.privileged==true) | "\($pod.metadata.namespace)/\($pod.metadata.name)/\(.name)"'
Remediate vulnerable resources
Review the list of containers from the check and, where possible, remove privileged access.
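The two steps above (find privileged containers, then take privileged access away) as a worked example in Python. This is added here and is not part of the original page or of any tool it mentions. It assumes the JSON shape produced by `kubectl get pods --all-namespaces -o json`; the sample pod list and the `harden` helper are constructed for illustration, and the capability names passed to `harden` are placeholders for whatever a given workload actually needs.

```python
"""Detect privileged containers in kubectl pod JSON and show a least-privilege
replacement securityContext. Added example; not the original page's code."""
import copy
import json
import sys

# Every list of containers in a pod spec that carries its own securityContext.
# (PodSecurityContext has no `privileged` field, so only these need checking.)
CONTAINER_LISTS = ("containers", "initContainers", "ephemeralContainers")


def privileged_containers(pod_list):
    """Return ["namespace/pod/container", ...] for each container whose
    securityContext sets privileged: true, in pod order."""
    found = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        for key in CONTAINER_LISTS:
            for c in spec.get(key, []):
                sc = c.get("securityContext") or {}   # may be absent or null
                if sc.get("privileged") is True:
                    found.append(f"{meta.get('namespace')}/{meta.get('name')}/{c['name']}")
    return found


def harden(pod, keep_caps=()):
    """Return a copy of `pod` with privileged mode removed from every container
    and a least-privilege securityContext in its place. `keep_caps` lists the
    Linux capabilities the workload is known to need (hypothetical input; this
    must be reviewed per workload, since some agents, e.g. CNI or storage
    drivers, genuinely need host access and will break without it)."""
    pod = copy.deepcopy(pod)          # never mutate the caller's object
    spec = pod.setdefault("spec", {})
    for key in CONTAINER_LISTS:
        for c in spec.get(key, []):
            sc = c.setdefault("securityContext", {})
            sc["privileged"] = False
            sc["allowPrivilegeEscalation"] = False   # blocks setuid/fscaps gains
            sc["capabilities"] = {"drop": ["ALL"], "add": list(keep_caps)}
    return pod


# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE_PODS = json.loads("""
{
  "items": [
    {"metadata": {"namespace": "kube-system", "name": "node-agent-x1"},
     "spec": {"containers": [
        {"name": "agent", "image": "example/agent:1.0",
         "securityContext": {"privileged": true}}]}},
    {"metadata": {"namespace": "default", "name": "web-7d9c"},
     "spec": {"initContainers": [
        {"name": "sysctl-tuner", "image": "example/tuner:1.0",
         "securityContext": {"privileged": true}}],
       "containers": [
        {"name": "web", "image": "example/web:1.0",
         "securityContext": {"privileged": false,
                             "allowPrivilegeEscalation": false}}]}},
    {"metadata": {"namespace": "default", "name": "api-5f2a"},
     "spec": {"containers": [
        {"name": "api", "image": "example/api:1.0"}]}}
  ]
}
""")


if __name__ == "__main__":
    # Pipe real output in (kubectl get pods -A -o json | python3 this.py)
    # or run without input to use the constructed sample.
    pods = SAMPLE_PODS if sys.stdin.isatty() else json.load(sys.stdin)
    for entry in privileged_containers(pods):
        print("privileged:", entry)
    hardened = {"items": [harden(p, keep_caps=("NET_BIND_SERVICE",)) for p in pods["items"]]}
    print("after hardening:", privileged_containers(hardened))
```

The detector checks `is True` rather than truthiness so that only the boolean the API server stores matches. `harden` is a starting point, not a drop-in fix: after removing privileged mode, watch the workload for capability or device errors and add back only the specific capabilities (or hostPath/device mounts) it demonstrably needs.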