CodeBuild Project Has Privileged Mode Enabled
Overview
UPDATE: Security Hub retired this control and removed it from all standards. Enabling privileged mode in a CodeBuild project does not impose an additional risk to the customer environment.
This check verifies whether privileged mode is enabled in the AWS CodeBuild project environment; the check fails if privileged mode is enabled.
By default, Docker containers deny device access. Enabling privileged mode grants the CodeBuild project's Docker container access to all devices on the build host. When privilegedMode is set to true, the Docker daemon can run inside the build container and manage Docker entities such as images, containers, networks, and volumes.
This setting should be true only for projects that build Docker images; for every other project it must be disabled to prevent inadvertent access to the Docker APIs and the host's devices. Setting privilegedMode to false safeguards critical resources from unauthorized tampering and deletion.
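As an added example, not part of the original control text, the following evaluates project records shaped like the CodeBuild BatchGetProjects response (environment.privilegedMode) and builds the corrected environment block. The sample projects are constructed, and the docker_image_projects allow-list is a hypothetical input, since the API itself does not say whether a project builds Docker images.

```python
# Added example (not part of the original control text): evaluate CodeBuild
# project descriptions for privilegedMode. The dict shape mirrors the
# "projects" list returned by the CodeBuild BatchGetProjects API
# (environment.privilegedMode); all sample data below is constructed.

def _project(name, image, privileged=None):
    """Build a BatchGetProjects-shaped project record (constructed sample)."""
    env = {"type": "LINUX_CONTAINER", "image": image,
           "computeType": "BUILD_GENERAL1_SMALL"}
    if privileged is not None:
        env["privilegedMode"] = privileged
    return {"name": name, "environment": env}

SAMPLE_PROJECTS = [
    _project("api-unit-tests", "aws/codebuild/standard:7.0", True),
    _project("web-image-build", "aws/codebuild/standard:7.0", True),
    _project("docs-build", "aws/codebuild/standard:7.0", False),
    _project("legacy-project", "aws/codebuild/standard:4.0"),  # key absent
]

def is_privileged(project):
    """True when privilegedMode is set; an absent key means the default, False."""
    return bool(project.get("environment", {}).get("privilegedMode", False))

def evaluate(projects, docker_image_projects=frozenset()):
    """Return {project name: "PASS" | "FAIL"}.

    docker_image_projects is a hypothetical operator-maintained allow-list of
    projects that genuinely build Docker images; the API does not say what a
    project builds, so that judgement has to come from outside the check."""
    results = {}
    for p in projects:
        if is_privileged(p) and p["name"] not in docker_image_projects:
            results[p["name"]] = "FAIL"
        else:
            results[p["name"]] = "PASS"
    return results

def remediated_environment(project):
    """Copy of the environment block with privilegedMode cleared, in the full
    ProjectEnvironment shape that UpdateProject requires."""
    env = dict(project["environment"])
    env["privilegedMode"] = False
    return env

if __name__ == "__main__":
    for name, verdict in evaluate(SAMPLE_PROJECTS, {"web-image-build"}).items():
        print(f"{name}: {verdict}")
```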
Vendor
AWS
Cloud Service
CodeBuild
Severity
1
Item Types
AWS::CodeBuild::Project