Lateral movement

Controller creating pods with hostNetwork enabled

Platform(s)
  • Non-platform specific

Compliance Frameworks
  • AKS CIS
  • Data Security Posture Management (DSPM) Best Practices
  • EKS CIS
  • GKE CIS
  • iso_27001_2022
  • iso_27002_2022
  • K8s CIS
  • Mitre ATT&CK
  • NIST 800-190

Description

hostNetwork, when set to true, allows the pod to use the network namespace and network resources of the node. In this case, the pod can access loopback devices, listen on the node's addresses, and monitor the traffic of other pods on the node. Controller {K8sController} was found configured with settings that allow it to create pods that use the network namespace and network resources of the node. The pod security attributes are responsible for limiting the potential attack vector beyond the pod-level context. An adversary can use this misconfiguration to compromise the cluster.
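One way to surface this finding yourself, as an added example that is not part of the original rule text: walk the JSON that kubectl returns for the pod-creating controllers and report every one whose pod template sets hostNetwork: true. The controller names and namespaces in the sample are constructed; the JSON paths are the standard ones for Deployment, DaemonSet, StatefulSet and CronJob objects.

```python
"""Flag Kubernetes controllers whose pod template sets hostNetwork: true.
Added example, not part of the original finding; it inspects the JSON that
`kubectl get deploy,ds,sts,cronjob -A -o json` returns (a List with "items")."""

# Where the pod template lives for each controller kind (kubectl JSON paths).
TEMPLATE_PATH = {
    "Deployment": ("spec", "template"),
    "DaemonSet": ("spec", "template"),
    "StatefulSet": ("spec", "template"),
    "CronJob": ("spec", "jobTemplate", "spec", "template"),
}

def dig(obj, path):
    """Follow a key path through nested dicts; None if any key is missing."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

def find_host_network_controllers(kube_list):
    """Return 'Kind/namespace/name' for each controller whose pods would share the node netns."""
    findings = []
    for item in kube_list.get("items", []):
        kind = item.get("kind")
        path = TEMPLATE_PATH.get(kind)
        if path is None:
            continue  # not a pod-creating controller this check knows about
        # hostNetwork is an optional bool on PodSpec; absent means false.
        if dig(item, path + ("spec", "hostNetwork")) is True:
            meta = item.get("metadata", {})
            findings.append(f"{kind}/{meta.get('namespace', 'default')}/{meta.get('name')}")
    return findings

# Constructed sample in kubectl's List shape; names and namespaces are made up.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Deployment", "metadata": {"name": "web", "namespace": "app"},
     "spec": {"template": {"spec": {"hostNetwork": False, "containers": []}}}},
    {"kind": "DaemonSet", "metadata": {"name": "node-probe", "namespace": "monitoring"},
     "spec": {"template": {"spec": {"hostNetwork": True, "containers": []}}}},
    {"kind": "CronJob", "metadata": {"name": "sweeper", "namespace": "ops"},
     "spec": {"jobTemplate": {"spec": {"template": {"spec": {"hostNetwork": True}}}}}},
]}

if __name__ == "__main__":
    for finding in find_host_network_controllers(SAMPLE):
        print("hostNetwork enabled:", finding)
```

Pipe real cluster output in with `json.load` instead of SAMPLE to run it against a live cluster; a controller that appears here and has no host-level networking requirement is a candidate for removing hostNetwork from its pod template.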