Controller creating pods with enabled hostPID, hostIPC, hostNetwork and with privileged Docker

Lateral movement

Controller creating pods with enabled hostPID, hostIPC, hostNetwork and with privileged Docker

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
CPRA
essential_8_au
GDPR
ISO/IEC 27001
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

Docker privileged mode grants a Docker container root capabilities to all devices on the host system. hostPID when set to true allows a pod to have access to the host process ID namespace. hostNetwork when set to true allows the pod to use the network namespace and network resources of the node. hostIPC when set to true allows a pod to have access to the host IPC namespace. Controller {K8sController} was found configured with settings that allows creating a pod with all the above capabilities. The pod security attributes are responsible for limiting the potential attack vector beyond the pod-level context. An adversary can use these misconfiguration to compromise the cluster.

Recommended Mitigation

Consider to disable the following attributes: HostNetwork, HostPID, HostIPC, Privileged

Controller creating pods with enabled hostPID, hostIPC, hostNetwork and with privileged Docker

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS