Property
Language: terraform
Severity: high
Vulnerability Type: misconfiguration

Description

Enabling the ‘hostPID’ setting in Kubernetes pod specifications allows containers to share the host’s process ID namespace, exposing details about processes running on the underlying node. This configuration can unintentionally leak sensitive information such as environment variables or system configurations.

Impact

An attacker who gains code execution inside such a container can view or interfere with host-level processes, increasing the risk of privilege escalation, information leakage, and lateral movement across the cluster, and potentially compromising the security of the entire node.

Resolution

Do not set ‘spec.template.spec.hostPID’ to true.
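The following Terraform snippet is an added example, not part of this rule page, showing the flagged setting beside the remediated form on a kubernetes_deployment resource; the resource names, labels and image reference are constructed placeholders.

```hcl
# Added example (constructed): the setting this rule flags, then the fix.

# Flagged: host_pid = true makes every container in the pod share the
# node's PID namespace, so host processes (and their /proc entries,
# command lines and environment) become visible from inside the pod.
resource "kubernetes_deployment" "flagged" {
  metadata {
    name = "example-flagged" # constructed name
  }
  spec {
    selector {
      match_labels = { app = "example" }
    }
    template {
      metadata {
        labels = { app = "example" }
      }
      spec {
        host_pid = true # <-- spec.template.spec.hostPID = true
        container {
          name  = "app"
          image = "registry.invalid/app:1.0" # placeholder image
        }
      }
    }
  }
}

# Remediated: set host_pid to false (or simply omit it; the Kubernetes
# default is false), so the pod keeps its own isolated PID namespace.
resource "kubernetes_deployment" "remediated" {
  metadata {
    name = "example-remediated" # constructed name
  }
  spec {
    selector {
      match_labels = { app = "example" }
    }
    template {
      metadata {
        labels = { app = "example" }
      }
      spec {
        host_pid = false # explicit, matches the default
        container {
          name  = "app"
          image = "registry.invalid/app:1.0" # placeholder image
        }
      }
    }
  }
}
```

To confirm the setting on a running cluster, inspect the pod spec (for example with kubectl get pod -o jsonpath='{.spec.hostPID}') rather than trusting the manifest alone, since an admission webhook or a later edit may have changed it.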