Access to host IPC namespace
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | misconfiguration |
Description
Setting `hostIPC` to `true` in a Kubernetes pod specification makes the containers share the host's IPC namespace (System V IPC objects and POSIX message queues), so processes inside the container can communicate directly with processes on the host. This breaks container isolation and exposes sensitive host resources.
Impact
Exploiting shared IPC namespaces can let attackers in a compromised container access or interfere with host processes, potentially leading to sensitive data exposure, privilege escalation, or disruption of host system services.
Resolution
Do not set `spec.template.spec.hostIPC` to `true` (for a bare Pod the field is `spec.hostIPC`). The field defaults to `false`, so omitting it is sufficient.
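As an added example (not part of the original rule text or any scanner's own code), the following Python script implements the check this rule describes: it locates the pod spec inside the common workload kinds (Pod, Deployment, StatefulSet, DaemonSet, ReplicaSet, Job, CronJob), reports every object with `hostIPC: true`, and produces a remediated copy with the field removed. The manifests it runs over are constructed sample input embedded in the script; the names, namespaces and images are assumptions, not values from the page.

```python
"""Flag Kubernetes workloads that share the host IPC namespace (hostIPC: true)."""
import copy
import json
from typing import Any, Dict, List, Optional

# Path from the object root to the pod spec, per workload kind.
# Templated workloads nest it under spec.template.spec; CronJob adds jobTemplate.
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "Deployment": ("spec", "template", "spec"),
    "StatefulSet": ("spec", "template", "spec"),
    "DaemonSet": ("spec", "template", "spec"),
    "ReplicaSet": ("spec", "template", "spec"),
    "Job": ("spec", "template", "spec"),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}


def pod_spec(obj: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Return the pod spec dict for a supported kind, or None otherwise."""
    path = POD_SPEC_PATHS.get(obj.get("kind", ""))
    if path is None:
        return None
    node: Any = obj
    for key in path:
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node if isinstance(node, dict) else None


def shares_host_ipc(obj: Dict[str, Any]) -> bool:
    """True when the pod spec explicitly sets hostIPC to the boolean true.

    The API server only accepts a real boolean here, so a string such as
    "true" is not a valid manifest and is deliberately not matched.
    """
    spec = pod_spec(obj)
    return spec is not None and spec.get("hostIPC") is True


def find_host_ipc_violations(objects: List[Dict[str, Any]]) -> List[str]:
    """Return 'Kind/namespace/name' for every object that shares host IPC."""
    findings: List[str] = []
    for obj in objects:
        # `kubectl get ... -o json` wraps results in a List object.
        if obj.get("kind") == "List":
            findings.extend(find_host_ipc_violations(obj.get("items", [])))
            continue
        if shares_host_ipc(obj):
            meta = obj.get("metadata", {})
            ns = meta.get("namespace", "default")
            findings.append(f"{obj['kind']}/{ns}/{meta.get('name', '<unnamed>')}")
    return findings


def remove_host_ipc(obj: Dict[str, Any]) -> Dict[str, Any]:
    """Return a deep copy with hostIPC dropped (the default is false)."""
    fixed = copy.deepcopy(obj)
    spec = pod_spec(fixed)
    if spec is not None:
        spec.pop("hostIPC", None)
    return fixed


# Constructed sample manifests (JSON form, as the API server would return them).
SAMPLE_MANIFESTS: List[Dict[str, Any]] = json.loads("""
[
  {"apiVersion": "apps/v1", "kind": "Deployment",
   "metadata": {"name": "web", "namespace": "prod"},
   "spec": {"template": {"spec": {"hostIPC": true,
            "containers": [{"name": "web", "image": "example/web:1.0"}]}}}},
  {"apiVersion": "v1", "kind": "Pod",
   "metadata": {"name": "batch", "namespace": "prod"},
   "spec": {"hostIPC": false,
            "containers": [{"name": "batch", "image": "example/batch:1.0"}]}},
  {"apiVersion": "batch/v1", "kind": "CronJob",
   "metadata": {"name": "backup"},
   "spec": {"schedule": "0 * * * *",
            "jobTemplate": {"spec": {"template": {"spec": {"hostIPC": true,
              "containers": [{"name": "backup", "image": "example/backup:1.0"}]}}}}}},
  {"apiVersion": "v1", "kind": "ConfigMap",
   "metadata": {"name": "settings"}, "data": {"key": "value"}}
]
""")


if __name__ == "__main__":
    for finding in find_host_ipc_violations(SAMPLE_MANIFESTS):
        print("hostIPC enabled:", finding)
    cleaned = [remove_host_ipc(o) for o in SAMPLE_MANIFESTS]
    print("after remediation:", find_host_ipc_violations(cleaned))
```

Pointing `find_host_ipc_violations` at the parsed output of `kubectl get pods,deployments,statefulsets,daemonsets,jobs,cronjobs -A -o json` gives a cluster-wide inventory of the misconfiguration; the `List` branch handles that wrapper directly. The check deliberately walks the kind-specific path rather than searching for any `hostIPC` key, so a value in an unrelated field (for example inside a ConfigMap's data) does not produce a false positive.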