TF 0355 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Access to host ports
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | misconfiguration |
Description
The configuration allows Kubernetes pods to bind container ports directly to ports on the host machine using the `hostPort` setting. This bypasses the network isolation between pods and the host and violates pod security standards.
Impact
Exposing host ports can enable attackers to access or interfere with services on the host, escalate privileges, or disrupt network traffic, increasing the risk of lateral movement and compromise of the entire cluster or underlying infrastructure.
Resolution
Do not set `spec.containers[].ports[].hostPort` or `spec.initContainers[].ports[].hostPort`.
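As an added example (not code from the Symbiotic vulnerability database or this wiki), the following Python script applies the check and the resolution above to two constructed manifests: it reports every `hostPort` set under `spec.containers[]` and `spec.initContainers[]`, treats `hostPort: 0` as unset (which is how Kubernetes and the Pod Security Standards read it), and produces the remediated manifest with the field removed while keeping `containerPort`. Looking inside `spec.template.spec` for Deployment-style workloads is an assumption that goes beyond the bare Pod fields named on the page. Manifests are given as Python dicts, the JSON form of the YAML, so the script runs without PyYAML.

```python
"""Check Kubernetes manifests for hostPort usage and emit the remediated manifest.

Added example, not code from the Symbiotic vulnerability database. Manifests are
plain Python dicts (the JSON form of the YAML), so no PyYAML dependency is needed.
hostPort 0 is treated as unset, matching Kubernetes and the Pod Security Standards.
"""
import copy
from typing import Any, Dict, List

# Only the two locations named in the Resolution are inspected.
CONTAINER_FIELDS = ("initContainers", "containers")


def pod_spec(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Return the pod spec of a bare Pod, or the pod template spec
    (spec.template.spec) of a workload such as a Deployment, DaemonSet or Job.
    Handling the template location is an assumption beyond the page's Pod fields."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", spec)


def find_host_ports(manifest: Dict[str, Any]) -> List[str]:
    """List every effective hostPort as 'spec.<field>[i].ports[j].hostPort=<n> (<container>)'."""
    findings: List[str] = []
    spec = pod_spec(manifest)
    for field in CONTAINER_FIELDS:
        for i, container in enumerate(spec.get(field, [])):
            for j, port in enumerate(container.get("ports", [])):
                host_port = port.get("hostPort")
                if host_port:  # None and 0 both mean "not bound to the host"
                    findings.append(
                        f"spec.{field}[{i}].ports[{j}].hostPort={host_port} "
                        f"({container.get('name', '?')})"
                    )
    return findings


def remove_host_ports(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Apply the Resolution: return a copy with hostPort removed everywhere,
    leaving containerPort (exposure on the pod network only) intact."""
    fixed = copy.deepcopy(manifest)
    spec = pod_spec(fixed)  # reference into the copy, so pops mutate the copy only
    for field in CONTAINER_FIELDS:
        for container in spec.get(field, []):
            for port in container.get("ports", []):
                port.pop("hostPort", None)
    return fixed


# Constructed sample manifests (not taken from any real cluster).
VULNERABLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "web"},
    "spec": {
        "initContainers": [
            {"name": "init", "image": "busybox",
             "ports": [{"containerPort": 9000, "hostPort": 9000}]}
        ],
        "containers": [
            {"name": "app", "image": "nginx",
             "ports": [
                 {"containerPort": 80, "hostPort": 8080},
                 {"containerPort": 443, "hostPort": 0},  # 0 == unset, not a finding
             ]}
        ],
    },
}

VULNERABLE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {
        "replicas": 2,
        "template": {"spec": {
            "containers": [
                {"name": "app", "image": "nginx",
                 "ports": [{"containerPort": 80, "hostPort": 8080}]}
            ]
        }},
    },
}

if __name__ == "__main__":
    for name, manifest in (("pod", VULNERABLE_POD), ("deployment", VULNERABLE_DEPLOYMENT)):
        print(name, "findings:", find_host_ports(manifest))
        print(name, "after fix:", find_host_ports(remove_host_ports(manifest)))
```

Run it directly to see the findings for both manifests and the empty result after remediation; in a pipeline, feed it the JSON output of `kubectl get ... -o json` or a rendered manifest and fail the build when `find_host_ports` returns anything.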