Controller creating pods with hostPID enabled and with privileged Docker

Lateral movement

Controller creating pods with hostPID enabled and with privileged Docker

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
CPRA
essential_8_au
GDPR
ISO/IEC 27001
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

Docker privileged mode grants a Docker container root capabilities to all devices on the host system. hostPID when set to true allows a pod to have access to the host process ID namespace. Controller {K8sController} was found configured with settings that allows creating a pod with privileged Docker and with access to the host process ID namespace. The pod security attributes are responsible for limiting the potential attack vector beyond the pod-level context. An adversary can use these misconfiguration to compromise the cluster.

Recommended Mitigation

Consider to disable the following attributes: HostPID, Privileged

Controller creating pods with hostPID enabled and with privileged Docker

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS