Lateral movement

Controller creating pods with hostIPC enabled

Risk Level

Informational (4)

Platform(s)

  • N/A

Compliance Frameworks

Description

hostIPC when set to true allows a pod to have access to the host IPC namespace. Controller {K8sController} was found configured with settings that allows creating a pod with access to the host IPC namespace. The pod security attributes are responsible for limiting the potential attack vector beyond the pod-level context. An adversary can use these misconfiguration to compromise the cluster.

  • Recommended Mitigation

    Consider to disable the following attributes: HostIPC

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.