Lateral movement

Controller creating pods with enabled hostPID, hostIPC, hostNetwork and with privileged Docker

Platform(s)
  • Non-platform specific

Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • CCPA
  • CPRA
  • essential_8_au
  • GDPR
  • iso_27001_2022
  • iso_27002_2022
  • Mitre ATT&CK
  • New Zealand Information Security Manual
  • NIST 800-171
  • NIST 800-53
  • PDPA
  • pipeda
  • UK Cyber Essentials

Description

Docker privileged mode grants a container root-level capabilities and access to all devices on the host system. hostPID, when set to true, gives a pod access to the host's process ID namespace. hostNetwork, when set to true, lets the pod use the node's network namespace and network resources. hostIPC, when set to true, gives a pod access to the host's IPC namespace. Controller {K8sController} was found configured with settings that allow it to create a pod with all of the above capabilities. These pod security attributes are what limit an attack from spreading beyond the pod-level context; with all of them enabled, an adversary who compromises the pod can use the misconfiguration to compromise the node and, from there, the cluster.
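The check below is an added example, not the detection logic of the product this page belongs to. It walks a controller manifest (Deployment, DaemonSet, StatefulSet, Job or CronJob) loaded as a Python dict, reports every one of the four settings the description names (hostPID, hostIPC, hostNetwork and a privileged container), and shows the weak pod template beside a hardened one. The two manifests are constructed samples; the controller names and image are placeholders.

```python
"""Flag controller pod templates that enable host namespaces or privileged containers.

Added example: walks a Kubernetes controller manifest (as a dict, e.g. the
output of json.load on `kubectl get deploy <name> -o json`) and lists each
host-level setting that lets a compromised pod reach the node.
"""

# Pod-level booleans that share a host namespace with the pod.
HOST_NAMESPACE_FLAGS = ("hostPID", "hostIPC", "hostNetwork")


def pod_spec_of(manifest):
    """Return the pod template spec of a workload controller (or {} if absent).

    CronJob nests the pod template one level deeper (spec.jobTemplate.spec);
    Deployment, DaemonSet, StatefulSet and Job use spec.template directly.
    """
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})


def find_host_access_findings(manifest):
    """Return a list of human-readable findings; an empty list means the template is clean."""
    findings = []
    pod_spec = pod_spec_of(manifest)

    # `is True` so that a missing key or an explicit false never counts as a finding.
    for flag in HOST_NAMESPACE_FLAGS:
        if pod_spec.get(flag) is True:
            findings.append(f"pod template sets {flag}: true")

    # privileged is per container, so check init containers and regular containers alike.
    for section in ("initContainers", "containers"):
        for container in pod_spec.get(section, []):
            security_context = container.get("securityContext") or {}
            if security_context.get("privileged") is True:
                name = container.get("name", "<unnamed>")
                findings.append(f"{section}/{name} sets securityContext.privileged: true")
    return findings


# Constructed sample: the weak configuration the page describes (all four settings on).
WEAK_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "example-agent"},          # placeholder name
    "spec": {
        "template": {
            "spec": {
                "hostPID": True,
                "hostIPC": True,
                "hostNetwork": True,
                "containers": [
                    {
                        "name": "agent",
                        "image": "registry.example/agent:1.0",   # placeholder image
                        "securityContext": {"privileged": True},
                    }
                ],
            }
        }
    },
}

# Constructed sample: the same workload with the host settings removed and the
# container dropped to an unprivileged, non-root, read-only configuration.
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "example-agent"},
    "spec": {
        "template": {
            "spec": {
                "containers": [
                    {
                        "name": "agent",
                        "image": "registry.example/agent:1.0",
                        "securityContext": {
                            "privileged": False,
                            "allowPrivilegeEscalation": False,
                            "runAsNonRoot": True,
                            "readOnlyRootFilesystem": True,
                            "capabilities": {"drop": ["ALL"]},
                        },
                    }
                ],
            }
        }
    },
}


if __name__ == "__main__":
    for label, manifest in (("weak", WEAK_DEPLOYMENT), ("hardened", HARDENED_DEPLOYMENT)):
        findings = find_host_access_findings(manifest)
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Running the script reports four findings for the weak template and none for the hardened one. The check is deliberately strict about `is True` so that an absent field or an explicit `false` is never counted. As a cluster-wide control rather than a per-manifest scan, Kubernetes Pod Security Admission at the `baseline` level already rejects pods that set hostPID, hostIPC, hostNetwork or a privileged container, so enforcing that level on the namespace stops the controller from creating such pods in the first place.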