TF 0272 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Access to host PID
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | misconfiguration |
Description
Enabling the 'hostPID' setting in Kubernetes pod specifications allows containers to share the host's process ID namespace, exposing details about processes running on the underlying node. This configuration can unintentionally leak sensitive information such as environment variables or system configurations.
Impact
If exploited, attackers inside compromised containers could view or interfere with host-level processes, increasing the risk of privilege escalation, information leakage, and lateral movement across the cluster, potentially compromising the security of the entire node.
Resolution
Do not set 'spec.template.spec.hostPID' to true.
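
A check for this setting across workload manifests, as an added example that is not part of the original wiki entry or the SymbioticSec project. It goes beyond the `spec.template.spec.hostPID` path named above to also cover bare Pods (`spec.hostPID`) and CronJobs (`spec.jobTemplate.spec.template.spec.hostPID`); the function names and the sample manifests are constructed for illustration.

```python
import json

# Location of the pod spec per workload kind (standard Kubernetes API layout).
POD_SPEC_PATHS = {"Pod": ("spec",),
                  "CronJob": ("spec", "jobTemplate", "spec", "template", "spec")}
TEMPLATE_PATH = ("spec", "template", "spec")  # Deployment, DaemonSet, StatefulSet, Job, ...


def pod_spec(obj):
    """Return the pod spec dict of a manifest, or None if this kind has none."""
    node = obj
    for key in POD_SPEC_PATHS.get(obj.get("kind"), TEMPLATE_PATH):
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node if isinstance(node, dict) else None


def find_host_pid(manifests):
    """Return 'Kind/namespace/name' for each workload that sets hostPID to true."""
    findings = []
    for obj in manifests:
        # `kubectl get ... -o json` wraps results in a List object; unwrap it.
        if obj.get("kind") == "List":
            findings.extend(find_host_pid(obj.get("items", [])))
            continue
        spec = pod_spec(obj)
        # Only boolean true enables host PID sharing; an absent field means false.
        if spec is not None and spec.get("hostPID") is True:
            meta = obj.get("metadata", {})
            findings.append(f"{obj.get('kind')}/{meta.get('namespace', '-')}/{meta.get('name')}")
    return findings

# Constructed sample (not from a real cluster), trimmed to the relevant fields.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Deployment", "metadata": {"name": "node-debug", "namespace": "ops"},
   "spec": {"template": {"spec": {"hostPID": true, "containers": []}}}},
  {"kind": "Deployment", "metadata": {"name": "web", "namespace": "prod"},
   "spec": {"template": {"spec": {"containers": []}}}},
  {"kind": "CronJob", "metadata": {"name": "nightly", "namespace": "batch"},
   "spec": {"jobTemplate": {"spec": {"template": {"spec": {"hostPID": true}}}}}},
  {"kind": "Pod", "metadata": {"name": "probe"}, "spec": {"hostPID": false}}
]}
""")

if __name__ == "__main__":
    for hit in find_host_pid([SAMPLE]):
        print("hostPID enabled:", hit)
```

The same function can be fed the parsed output of `kubectl get deployments,daemonsets,statefulsets,cronjobs,pods -A -o json` to audit a running cluster.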