Sensitive Path Mount

Some of the host paths are sensitive and if they are mounted to a Pod, they can be abused to gain additional privileges. For example mounting /run/containerd/containerd.sock to a Pod, can allow a malicious container to run malice containers on the cluster.

Remediation

Remove sensitive paths mounts such as

[source]

/
/proc
/etc
/root
/var/run/docker.sock
/var/run/crio/crio.sock
/run/containerd/containerd.sock
/home/admin
/var/lib/kubelet
/var/lib/kubelet/pki
/etc/kubernetes
/etc/kubernetes/manifests

Metadata

Severity: high
Slug: sensitive-path-mount

CWEs

269: Improper Privilege Management

OWASP

A04:2021: Insecure Design
A05:2021: Security Misconfiguration

Available Labs

Open Kubernetes labs in SecDim Play for this vulnerability.

easy

Mounts.k8s

Other Easy Kubernetes Signature

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.