HostNS Privilege Escalation

All host namespaces should be disabled unless they are explicitly needed.

HostPID: Governs whether the pod containers can share the host process ID namespace. It's important to note that when combined with ptrace, this can be exploited to escalate privileges outside of the container. (ptrace is forbidden by default).
HostIPC: Governs whether the pod containers can share the host IPC namespace.
HostNetwork: Governs whether the pod may use the node network namespace. Enabling this provides the pod access to the loopback device, services listening on localhost, and could potentially be exploited to monitor network activity of other pods on the same node.

Remediation

Set hostPID, hostIPC, and hostNetwork to false

Metadata

Severity: high
Slug: hostns-privilege-escalation

CWEs

269: Improper Privilege Management
266: Incorrect Privilege Assignment

OWASP

A04:2021: Insecure Design

Available Labs

Open Kubernetes labs in SecDim Play for this vulnerability.

easy

HostNS.k8s

Other Easy Kubernetes Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.