TF 0444 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
hostPath volumes mounted
Property | Value |
---|---|
Language | |
Severity | |
Vulnerability Type | misconfiguration |
Description
The configuration mounts a hostPath volume into a Kubernetes pod, which gives the pod's containers direct access to the underlying node's filesystem. Mounting the node filesystem bypasses the isolation Kubernetes provides between a pod and its node, and the Pod Security Standards do not permit it.
Impact
Exploiting this vulnerability could allow a compromised container to read, modify, or delete files on the host node, potentially leading to container escapes, privilege escalation, or disruption of other workloads running on the same node.
Resolution
Do not set 'spec.volumes[*].hostPath'.
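As an added example (not code from the Symbiotic database), the following Python check walks a parsed Kubernetes manifest and reports every `spec.volumes[*].hostPath` it finds, so the finding can be caught before deployment. The set of workload kinds it understands and the two sample manifests are assumptions constructed for the example.

```python
# Added example (not from the page): find spec.volumes[*].hostPath in
# Kubernetes manifests. The sample manifests below are constructed.
import json

# Where the pod spec sits inside each workload kind this check handles (assumed set).
POD_SPEC_PATHS = {
    "Pod": ["spec"],
    "Deployment": ["spec", "template", "spec"],
    "StatefulSet": ["spec", "template", "spec"],
    "DaemonSet": ["spec", "template", "spec"],
    "Job": ["spec", "template", "spec"],
    "CronJob": ["spec", "jobTemplate", "spec", "template", "spec"],
}

def find_host_path_volumes(manifest):
    """Return (volume name, host path, field path) for each hostPath volume."""
    kind = manifest.get("kind")
    if kind not in POD_SPEC_PATHS:
        return []                     # kinds without a pod spec are skipped
    node = manifest
    for key in POD_SPEC_PATHS[kind]:  # walk down to the pod spec
        node = node.get(key) or {}
    findings = []
    for i, vol in enumerate(node.get("volumes") or []):
        if "hostPath" in vol:         # the setting this finding is about
            field = ".".join(POD_SPEC_PATHS[kind]) + f".volumes[{i}].hostPath"
            findings.append((vol.get("name"), vol["hostPath"].get("path"), field))
    return findings

# Constructed sample: a Deployment that mounts the node's /var/log into the pod.
VULNERABLE = json.loads("""
{"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "log-reader"},
 "spec": {"template": {"spec": {
   "containers": [{"name": "app", "image": "busybox",
                   "volumeMounts": [{"name": "logs", "mountPath": "/host-logs"}]}],
   "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}]}}}}
""")

# Constructed sample: same workload with an emptyDir volume, which stays inside the pod sandbox.
FIXED = json.loads("""
{"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "log-reader"},
 "spec": {"template": {"spec": {
   "containers": [{"name": "app", "image": "busybox",
                   "volumeMounts": [{"name": "scratch", "mountPath": "/scratch"}]}],
   "volumes": [{"name": "scratch", "emptyDir": {}}]}}}}
""")

if __name__ == "__main__":
    for doc in (VULNERABLE, FIXED):
        print(doc["metadata"]["name"], find_host_path_volumes(doc) or "no hostPath volumes")
```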