hostPath volumes mounted
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | misconfiguration |
Description
The configuration mounts a hostPath volume into a Kubernetes pod, which gives containers direct access to the underlying node's filesystem. This practice bypasses Kubernetes isolation and is not allowed by the Pod Security Standards.
Impact
Exploiting this vulnerability could allow a compromised container to read, modify, or delete files on the host node, potentially leading to container escapes, privilege escalation, or disruption of other workloads running on the same node.
Resolution
Do not set `spec.volumes[*].hostPath`.
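
One way to check manifests for this setting before they are applied, as an added example that is not part of the original page or any scanner's own code. It assumes manifests are already parsed into dicts (for example from `kubectl get -o json`); the function names, the list of kinds and the sample manifests are constructed for illustration.

```python
# Path from the manifest root to the pod spec (assumed list of built-in kinds).
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "Deployment": ("spec", "template", "spec"),
    "StatefulSet": ("spec", "template", "spec"),
    "DaemonSet": ("spec", "template", "spec"),
    "Job": ("spec", "template", "spec"),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}

def pod_spec(manifest):
    """Return the pod spec of a parsed manifest, or None if there is none."""
    path = POD_SPEC_PATHS.get(manifest.get("kind"))
    node = manifest if path else None
    for key in path or ():
        node = node.get(key) if isinstance(node, dict) else None
    return node if isinstance(node, dict) else None

def find_hostpath_volumes(manifest):
    """Return one finding per entry in spec.volumes[*] that sets hostPath."""
    spec = pod_spec(manifest) or {}
    findings = []
    for vol in spec.get("volumes") or []:
        if vol.get("hostPath") is None:
            continue
        # Containers that mount the volume, i.e. that can reach the node path.
        mounted_by = [c.get("name")
                      for group in ("initContainers", "containers")
                      for c in spec.get(group) or []
                      for m in c.get("volumeMounts") or []
                      if m.get("name") == vol.get("name")]
        findings.append({"kind": manifest.get("kind"), "volume": vol.get("name"),
                         "name": (manifest.get("metadata") or {}).get("name"),
                         "path": vol["hostPath"].get("path"), "mounted_by": mounted_by})
    return findings

# Constructed sample manifests (not from the page).
CRONJOB = {"kind": "CronJob", "metadata": {"name": "log-shipper"},
           "spec": {"jobTemplate": {"spec": {"template": {"spec": {
               "containers": [{"name": "shipper", "volumeMounts": [
                   {"name": "varlog", "mountPath": "/host/var/log"}]}],
               "volumes": [{"name": "varlog", "hostPath": {"path": "/var/log"}},
                           {"name": "scratch", "emptyDir": {}}]}}}}}}
POD = {"kind": "Pod", "metadata": {"name": "web"}, "spec": {
    "containers": [{"name": "web"}], "volumes": [{"name": "cache", "emptyDir": {}}]}}

if __name__ == "__main__":
    for m in (CRONJOB, POD):
        print(m["metadata"]["name"], find_hostpath_volumes(m))
```

The CronJob case shows why the check has to follow the pod template: the `hostPath` entry sits under `spec.jobTemplate.spec.template.spec.volumes`, not directly under `spec.volumes`.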