Property
Language: yaml
Severity: low
CWE: CWE-693: Protection Mechanism Failure
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Setting ‘hostIPC: true’ in a Kubernetes Pod configuration allows containers to share the host’s IPC namespace, breaking isolation between containers and the host. This makes it possible for container processes to interact with host processes directly.

Impact

If exploited, attackers or compromised containers could access or interfere with processes running on the host machine, potentially leading to privilege escalation, data leakage, or disruption of critical host services. This undermines container security and increases the risk of wider system compromise.
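To audit for the setting described above, the following added example (not part of the original rule or its project) flags every workload whose PodSpec sets `hostIPC: true`. It goes beyond bare Pods to the common controller kinds that embed a pod template. The function names, the sample objects and the `kubectl ... -o json` input shape are assumptions made for illustration.

```python
import json

# Path from the object root to its PodSpec, per workload kind.
TEMPLATE = ("spec", "template", "spec")
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "Deployment": TEMPLATE, "ReplicaSet": TEMPLATE, "StatefulSet": TEMPLATE,
    "DaemonSet": TEMPLATE, "Job": TEMPLATE,
    "CronJob": ("spec", "jobTemplate") + TEMPLATE,
}

def pod_spec(obj):
    """Return the PodSpec dict of a workload object, or None if it has none."""
    node = obj
    for key in POD_SPEC_PATHS.get(obj.get("kind"), ()):
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return None
    return node if node is not obj else None  # unknown kinds have no path

def find_host_ipc(doc):
    """Return 'Kind/namespace/name' for each object whose PodSpec has hostIPC: true."""
    items = doc.get("items", []) if doc.get("kind", "").endswith("List") else [doc]
    hits = []
    for obj in items:
        spec = pod_spec(obj)
        # hostIPC defaults to false when absent; only a literal true
        # places the pod in the host's IPC namespace.
        if spec and spec.get("hostIPC") is True:
            meta = obj.get("metadata", {})
            hits.append(f'{obj["kind"]}/{meta.get("namespace", "default")}/{meta.get("name")}')
    return hits

# Constructed sample, shaped like `kubectl get pods,deployments,cronjobs -A -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Pod", "metadata": {"name": "shm-debug", "namespace": "dev"},
  "spec": {"hostIPC": true, "containers": [{"name": "c", "image": "example/app:1"}]}},
 {"kind": "Deployment", "metadata": {"name": "web", "namespace": "prod"},
  "spec": {"template": {"spec": {"hostIPC": false, "containers": []}}}},
 {"kind": "CronJob", "metadata": {"name": "nightly"},
  "spec": {"jobTemplate": {"spec": {"template": {"spec": {"hostIPC": true}}}}}},
 {"kind": "Pod", "metadata": {"name": "plain", "namespace": "dev"},
  "spec": {"containers": []}}
]}
""")

if __name__ == "__main__":
    print(find_host_ipc(SAMPLE))
```

Removing the `hostIPC` key or setting it to `false` in a flagged manifest restores the pod's own IPC namespace.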