TF 0291 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Access to host IPC namespace
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | misconfiguration |
Description
Setting 'hostIPC' to true in a Kubernetes pod specification places the pod's containers in the host's IPC namespace instead of a pod-private one. Processes in the container can then see and use the host's System V IPC objects (shared memory segments, semaphores, message queues) and the host's POSIX shared memory under /dev/shm, which the runtime mounts into the container in this mode, and can communicate directly with host processes through them. This removes one of the namespace boundaries that container isolation depends on and exposes host resources that are otherwise invisible to the pod.
Impact
An attacker who gains code execution in such a container can read or tamper with data that host processes (or other pods on the node that also set 'hostIPC') exchange through shared memory, and can interfere with those processes by deleting, exhausting or corrupting the IPC objects they rely on. The access is limited to what passes through IPC objects; it does not by itself expose the host's process table, which requires 'hostPID'. Depending on what the host processes do with the shared data, the result can be sensitive data exposure, privilege escalation, or disruption of services on the node.
Resolution
Leave 'hostIPC' unset or set it to false. The field lives at 'spec.hostIPC' on a bare Pod, at 'spec.template.spec.hostIPC' on Deployments, StatefulSets, DaemonSets, ReplicaSets and Jobs, and at 'spec.jobTemplate.spec.template.spec.hostIPC' on CronJobs. Enforce this cluster-wide with Pod Security Admission: the 'baseline' profile (and therefore 'restricted') rejects any pod with 'hostIPC' set to true. Workloads that genuinely need host shared memory are rare; if one exists, confine it to its own namespace with a documented exception rather than relaxing the policy everywhere.
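To find workloads that already violate this resolution, the following added example (not code from this database or from any Kubernetes project) scans manifests in their JSON form, which is what 'kubectl get deploy,pods,cronjobs -A -o json' returns, and reports every object whose pod spec sets 'hostIPC' to true. It knows where each built-in workload kind nests its pod spec, treats an unset or false field as safe, and skips kinds that carry no pod template. The sample manifests embedded in SAMPLE_MANIFESTS are constructed for the example.

```python
"""Scan Kubernetes manifests (JSON form) for pods that share the host IPC namespace."""
import json
from typing import Any, Iterator, List, Tuple

# Where each built-in workload kind nests its PodSpec. This table is an
# assumption of the example: it covers the core controllers, not every CRD
# that embeds a pod template.
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "ReplicationController": ("spec", "template", "spec"),
    "ReplicaSet": ("spec", "template", "spec"),
    "Deployment": ("spec", "template", "spec"),
    "StatefulSet": ("spec", "template", "spec"),
    "DaemonSet": ("spec", "template", "spec"),
    "Job": ("spec", "template", "spec"),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}

# Constructed sample input shaped like `kubectl get ... -o json` output:
# two offending workloads, one explicit hostIPC: false, one with the field unset.
SAMPLE_MANIFESTS = """
{
  "kind": "List", "apiVersion": "v1",
  "items": [
    {"kind": "Deployment", "apiVersion": "apps/v1",
     "metadata": {"name": "shm-reader", "namespace": "prod"},
     "spec": {"template": {"spec": {"hostIPC": true,
              "containers": [{"name": "app", "image": "example/app:1.0"}]}}}},
    {"kind": "Pod", "apiVersion": "v1",
     "metadata": {"name": "isolated", "namespace": "prod"},
     "spec": {"hostIPC": false,
              "containers": [{"name": "app", "image": "example/app:1.0"}]}},
    {"kind": "CronJob", "apiVersion": "batch/v1",
     "metadata": {"name": "nightly", "namespace": "batch"},
     "spec": {"jobTemplate": {"spec": {"template": {"spec": {"hostIPC": true,
              "containers": [{"name": "job", "image": "example/job:1.0"}]}}}}}},
    {"kind": "Pod", "apiVersion": "v1",
     "metadata": {"name": "default-ns", "namespace": "prod"},
     "spec": {"containers": [{"name": "app", "image": "example/app:1.0"}]}}
  ]
}
"""


def _dig(obj: Any, path: Tuple[str, ...]) -> Any:
    """Walk a sequence of keys through nested dicts; None if any step is missing."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj


def iter_objects(doc: dict) -> Iterator[dict]:
    """Yield individual API objects; kubectl wraps multiple results in a List."""
    if doc.get("kind") == "List":
        for item in doc.get("items", []):
            yield from iter_objects(item)
    else:
        yield doc


def find_host_ipc(doc: dict) -> List[Tuple[str, str, str]]:
    """Return (kind, namespace/name, field path) for every object whose pod spec
    has hostIPC: true. Only an explicit boolean true counts: an unset or false
    field means the pod gets its own IPC namespace."""
    findings = []
    for obj in iter_objects(doc):
        kind = obj.get("kind")
        path = POD_SPEC_PATHS.get(kind)
        if path is None:  # ConfigMap, Service, unknown CRD: nothing to check
            continue
        pod_spec = _dig(obj, path)
        if isinstance(pod_spec, dict) and pod_spec.get("hostIPC") is True:
            meta = obj.get("metadata", {})
            name = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
            findings.append((kind, name, ".".join(path + ("hostIPC",))))
    return findings


def scan_json(text: str) -> List[Tuple[str, str, str]]:
    """Parse a JSON manifest or List and return the hostIPC findings."""
    return find_host_ipc(json.loads(text))


if __name__ == "__main__":
    for kind, name, field in scan_json(SAMPLE_MANIFESTS):
        print(f"{kind} {name}: {field} is true")
```

Pipe real cluster output through it with something like 'kubectl get pods,deploy,sts,ds,jobs,cronjobs -A -o json' and call 'scan_json' on the result; objects whose kind is not in the table are ignored rather than mis-reported, so extend POD_SPEC_PATHS if you run custom workload controllers that embed a pod template.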