CVE
Definition
CVE, or Common Vulnerabilities and Exposures, is a list of publicly disclosed information security vulnerabilities and exposures. Each CVE entry contains an identification number, a description, and at least one public reference. The CVE system facilitates the sharing of data across separate vulnerability capabilities (tools, databases, and services) and provides a baseline for evaluating the coverage of an organization’s security tools.
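Because separate tools and databases share vulnerability data by CVE identifier, the first practical step is usually to pull those identifiers out of free-form text (scanner output, advisories, tickets) in a canonical form. The following Python is an added example, not part of the original page: it matches the CVE identifier syntax (the literal prefix CVE, a four-digit year, and a sequence number of at least four digits), normalises case, and de-duplicates. The log lines and the CVE numbers in them are constructed for the example and do not refer to real entries.

```python
"""Extract and normalise CVE identifiers from free-form text (added example)."""
import re

# CVE ID syntax: "CVE-" + four-digit year + "-" + sequence number of 4 or more digits.
# Case-insensitive so that lower-cased IDs in logs are still recognised.
CVE_ID = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)

# Constructed sample input: duplicate, lower-case and malformed IDs on purpose.
SAMPLE_LOG = """\
scanner: package libexample 1.2 affected by CVE-2099-0001 (high)
scanner: package libexample 1.2 affected by cve-2099-0001 (duplicate, lower case)
ticket:  see cve-2099-12345 for the follow-up fix
ticket:  malformed reference CVE-99-0001 should be ignored
"""


def is_valid_cve_id(candidate: str) -> bool:
    """True if the whole string is a syntactically valid CVE identifier."""
    return CVE_ID.fullmatch(candidate) is not None


def extract_cve_ids(text: str) -> list[str]:
    """Return unique CVE IDs found in text, upper-cased, in first-seen order."""
    seen: dict[str, None] = {}
    for match in CVE_ID.finditer(text):
        year, sequence = match.group(1), match.group(2)
        seen.setdefault(f"CVE-{year}-{sequence}", None)
    return list(seen)


if __name__ == "__main__":
    for cve_id in extract_cve_ids(SAMPLE_LOG):
        print(cve_id)
```

Running the block prints the two distinct identifiers from the sample; the malformed reference with a two-digit year is not matched, and the lower-cased duplicate collapses into the canonical form.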
Secure Settings Example
# Example of a secure Kubernetes PodSecurityPolicy configuration
# Note: PodSecurityPolicy (policy/v1beta1) was removed in Kubernetes v1.25;
# the same controls are now expressed through Pod Security Admission.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false                      # no privileged containers
  allowPrivilegeEscalation: false        # no setuid binaries / no_new_privs
  requiredDropCapabilities:
    - ALL                                # drop every Linux capability
  runAsUser:
    rule: 'MustRunAsNonRoot'             # container must not run as UID 0
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:                    # required field in the PSP spec
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: 'MustRunAs'
    ranges:
      - min: 1
        max: 65535
  volumes:                               # allow-list; hostPath is excluded
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
Insecure Settings Example
# Example of an insecure Kubernetes PodSecurityPolicy configuration
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: permissive
spec:
  privileged: true                       # containers get host-level access
  allowPrivilegeEscalation: true
  requiredDropCapabilities: []           # no capabilities are dropped
  runAsUser:
    rule: 'RunAsAny'                     # root is permitted
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:                    # required field in the PSP spec
    rule: 'RunAsAny'
  fsGroup:
    rule: 'RunAsAny'
  volumes:
    - '*'                                # every volume type, including hostPath
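A defender reviewing PodSecurityPolicy objects wants the difference between the two examples above checked mechanically rather than by eye. The Python below is an added example, not code from the page or from Kubernetes: it audits a policy's spec for the weak settings the insecure example shows (privileged containers, privilege escalation, no dropped capabilities, root allowed, wildcard volumes) and also for the host namespace fields, which neither example sets but which the same review should cover. The two policies are transcribed here as Python dicts so the example runs without a YAML parser; the check names and messages are this example's own.

```python
"""Audit PodSecurityPolicy specs for permissive settings (added example)."""
from typing import Any

# The "restricted" and "permissive" policies from the page, as Python dicts
# (constructed transcription so the audit runs without a YAML library).
RESTRICTED_PSP: dict[str, Any] = {
    "apiVersion": "policy/v1beta1",
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "restricted"},
    "spec": {
        "privileged": False,
        "allowPrivilegeEscalation": False,
        "requiredDropCapabilities": ["ALL"],
        "runAsUser": {"rule": "MustRunAsNonRoot"},
        "seLinux": {"rule": "RunAsAny"},
        "fsGroup": {"rule": "MustRunAs", "ranges": [{"min": 1, "max": 65535}]},
        "volumes": ["configMap", "emptyDir", "projected", "secret", "downwardAPI"],
    },
}

PERMISSIVE_PSP: dict[str, Any] = {
    "apiVersion": "policy/v1beta1",
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "permissive"},
    "spec": {
        "privileged": True,
        "allowPrivilegeEscalation": True,
        "requiredDropCapabilities": [],
        "runAsUser": {"rule": "RunAsAny"},
        "seLinux": {"rule": "RunAsAny"},
        "fsGroup": {"rule": "RunAsAny"},
        "volumes": ["*"],
    },
}


def audit_psp(psp: dict[str, Any]) -> dict[str, str]:
    """Return {field: reason} for every permissive setting found in psp.spec.

    An empty dict means none of the audited weaknesses is present.
    """
    spec = psp.get("spec", {})
    findings: dict[str, str] = {}

    if spec.get("privileged", False):
        findings["privileged"] = "privileged containers get host-level access"

    # PSP defaults allowPrivilegeEscalation to true when the field is absent,
    # so only an explicit false is acceptable.
    if spec.get("allowPrivilegeEscalation", True):
        findings["allowPrivilegeEscalation"] = "privilege escalation is not disabled"

    if "ALL" not in spec.get("requiredDropCapabilities", []):
        findings["requiredDropCapabilities"] = "policy does not drop ALL capabilities"

    if spec.get("runAsUser", {}).get("rule") != "MustRunAsNonRoot":
        findings["runAsUser"] = "containers may run as root"

    volumes = spec.get("volumes", [])
    if "*" in volumes:
        findings["volumes"] = "wildcard permits every volume type, including hostPath"
    elif "hostPath" in volumes:
        findings["volumes"] = "hostPath volumes expose the node filesystem"

    # Host namespace sharing: absent in both page examples, defaults to false.
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field, False):
            findings[field] = f"{field} shares a host namespace with the pod"

    return findings


if __name__ == "__main__":
    for policy in (RESTRICTED_PSP, PERMISSIVE_PSP):
        name = policy["metadata"]["name"]
        result = audit_psp(policy)
        print(f"{name}: {'OK' if not result else ''}")
        for field, reason in result.items():
            print(f"  {field}: {reason}")
```

The restricted policy produces no findings; the permissive one is flagged on all five of the fields the page's insecure example weakens. The same function can be pointed at a list of policies fetched with kubectl once they are loaded into dicts.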