SYM_CONF_0016 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Insufficient Control of Network Message Volume (Network Amplification)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-406: Insufficient Control of Network Message Volume (Network Amplification) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Setting 'hostNetwork: true' in a Kubernetes Pod specification allows the pod to use the host node's network namespace. This exposes the pod to the node's network interfaces and local services, which is generally unnecessary and can increase risk.
Impact
If exploited, a compromised pod could access network traffic intended for the host or other pods, potentially intercepting sensitive data or attacking services running on the node. This can lead to privilege escalation, data leaks, or disruption of network services within your Kubernetes cluster.
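
A check for the `hostNetwork: true` setting described above, as an added example that is not part of this rule's own implementation. It goes beyond the bare Pod case by also following the pod template inside controller kinds; the function names and the sample manifest list are constructed for illustration.

```python
import json

# Path from the object root to its pod spec, per workload kind.
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "Deployment": ("spec", "template", "spec"),
    "DaemonSet": ("spec", "template", "spec"),
    "StatefulSet": ("spec", "template", "spec"),
    "ReplicaSet": ("spec", "template", "spec"),
    "Job": ("spec", "template", "spec"),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}

def pod_spec(obj):
    """Return the pod spec dict of a workload object, or None if it has none."""
    path = POD_SPEC_PATHS.get(obj.get("kind"))
    if path is None:
        return None
    node = obj
    for key in path:
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return None
    return node if isinstance(node, dict) else None

def find_host_network(doc):
    """Return 'Kind/namespace/name' for every object that sets hostNetwork: true."""
    items = doc.get("items", []) if doc.get("kind", "").endswith("List") else [doc]
    hits = []
    for obj in items:
        spec = pod_spec(obj)
        # Only the boolean true shares the node's network namespace; absent or false does not.
        if spec and spec.get("hostNetwork") is True:
            meta = obj.get("metadata", {})
            hits.append(f'{obj["kind"]}/{meta.get("namespace", "-")}/{meta.get("name", "?")}')
    return hits

# Constructed sample in the List shape of `kubectl get ... -o json` (not real cluster data).
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Pod", "metadata": {"name": "web", "namespace": "shop"},
   "spec": {"containers": [{"name": "c", "image": "example/web"}]}},
  {"kind": "DaemonSet", "metadata": {"name": "agent", "namespace": "ops"},
   "spec": {"template": {"spec": {"hostNetwork": true, "containers": []}}}},
  {"kind": "CronJob", "metadata": {"name": "backup"},
   "spec": {"jobTemplate": {"spec": {"template": {"spec": {"hostNetwork": true}}}}}},
  {"kind": "Deployment", "metadata": {"name": "api", "namespace": "shop"},
   "spec": {"template": {"spec": {"hostNetwork": false}}}}
]}
""")
```

Each hit is a workload to review: either remove the field, or record why that workload needs the node's network namespace.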