Objective: Gain unauthorized root access to the host system or achieve container escape, leading to data exfiltration, denial of service, or lateral movement within the network.
Gain Unauthorized Root Access to Host or Achieve Container Escape
/ | \
/ | \
/ | \
/ | \
/ | \
Exploit Abuse Misconfigured Exploit Vulnerabilities
Podman Podman Features in Container Images
Daemon
(if rootful)
| | |
| | |
Unauth. Rootless Known Image
API Access Podman Vulnerabilities
[CRITICAL] Bypass [CRITICAL]
[CRITICAL] |
|
Outdated
Base Image
[HIGH-RISK]
|
Insecure
Network
Config
[HIGH-RISK]
|
Volume
Mount
Abuse
[HIGH-RISK]
|
Privilege
Escalation
within
Container
[HIGH-RISK]
Attack Tree Path: Path 1: Unauthenticated API Access -> Gain Unauthorized Root Access
This is the most direct and critical path. If the API is exposed without authentication, the attacker immediately achieves their goal.
Attack Tree Path: Path 2: Rootless Podman Bypass -> Gain Unauthorized Root Access
This path bypasses the intended security of rootless Podman, leading to control over the host user's resources and potentially full root access.
Attack Tree Path: Path 3: Known Image Vulnerabilities -> Privilege Escalation within Container -> Exploit Container Runtime Vulnerabilities (Implicit in the tree, but not shown as a separate node) -> Gain Unauthorized Root Access
Step 1: Known Image Vulnerabilities: The attacker exploits a vulnerability in the application or a library within the container image to gain initial code execution. Step 2: Privilege Escalation within Container: The attacker leverages a misconfiguration within the container (e.g., a setuid binary, excessive capabilities) to gain higher privileges inside the container, often becoming root within the container's namespace. Step 3: Exploit Container Runtime Vulnerabilities (Implicit): The attacker then exploits a vulnerability in the container runtime (runC, crun) to escape the container and gain access to the host system. This step is implicit because it's a common follow-on to privilege escalation within the container, but the sub-tree focuses on the initial high-risk entry points. This is a classic and very common container escape scenario.
Attack Tree Path: Path 4: Outdated Base Image -> Known Image Vulnerabilities -> ... (same as Path 3)
An outdated base image often contains known vulnerabilities, making it a stepping stone to Path 3.
Attack Tree Path: Path 5: Insecure Network Configuration -> Exploit Vulnerabilities in Container Images -> ... (Potentially leading to Path 3)
An exposed service within the container, due to insecure network configuration, makes it easier for an attacker to reach and exploit vulnerabilities within the container image.
Attack Tree Path: Path 6: Volume Mount Abuse -> Exploit Vulnerabilities in Container Images -> ... (Potentially leading to Path 3)
If a container has write access to a sensitive host directory via a volume mount, an attacker could modify host files or gain access to sensitive data, potentially aiding in further exploitation.
Attack Tree Path: Path 7: Privilege Escalation within Container -> Exploit Container Runtime Vulnerabilities (Implicit) -> Gain Unauthorized Root Access
This path highlights that even without initial image vulnerabilities, if a container is run with excessive privileges, an attacker can potentially escape.