Access to host network
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | misconfiguration |
Description
Enabling `hostNetwork: true` in a Kubernetes Pod or controller configuration makes the pod share the host node's network namespace, giving pod processes direct access to the host's network interfaces and loopback adapter. This bypasses normal container network isolation.
Impact
An attacker who gains access to such a pod could intercept or interfere with network traffic on the host, move laterally, or reach network services running on the host, increasing the risk of privilege escalation and broadening the attack surface within the cluster.
Resolution
Do not set `spec.template.spec.hostNetwork` to true.
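As an added example (not part of the original page), the following audit script finds workloads whose PodSpec sets `hostNetwork: true` in `kubectl get ... -o json` output; the mapping from object kind to PodSpec location is an assumption based on the standard layout of the built-in Kubernetes workload kinds, and the embedded sample is constructed.

```python
import json
import sys

# hostNetwork is a PodSpec field: spec.hostNetwork on a bare Pod, and under the
# pod template for controllers (assumed: standard layout of these built-in kinds).
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "Deployment": ("spec", "template", "spec"),
    "DaemonSet": ("spec", "template", "spec"),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}

def pod_spec(obj):
    """Return the PodSpec dict of a workload object, or None for unknown kinds."""
    path = POD_SPEC_PATHS.get(obj.get("kind"))
    if path is None:
        return None
    node = obj
    for key in path:
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return None
    return node

def find_host_network(doc):
    """Return 'namespace/name (kind)' for every workload whose PodSpec sets hostNetwork: true."""
    # Accept a single object or the kind: List that `kubectl get ... -o json` returns.
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    findings = []
    for obj in items:
        spec = pod_spec(obj)
        if spec is not None and spec.get("hostNetwork") is True:
            meta = obj.get("metadata", {})
            findings.append(f"{meta.get('namespace', 'default')}/{meta.get('name', '?')} ({obj['kind']})")
    return findings

# Constructed sample standing in for `kubectl get pods,deploy,cj -A -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Deployment", "metadata": {"name": "sniffer", "namespace": "ops"},
  "spec": {"template": {"spec": {"hostNetwork": true, "containers": []}}}},
 {"kind": "Pod", "metadata": {"name": "web", "namespace": "app"}, "spec": {"containers": []}},
 {"kind": "CronJob", "metadata": {"name": "sync", "namespace": "ops"},
  "spec": {"jobTemplate": {"spec": {"template": {"spec": {"hostNetwork": true}}}}}}
]}""")

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for finding in find_host_network(doc):
        print(finding)
```

Run it with a file saved from `kubectl get pods,deploy,ds,cj -A -o json` to audit a live cluster; with no argument it reports on the constructed sample.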