Json Yaml Hostpath Volume Mount
Description
Identifies Kubernetes configurations that use hostPath volume mounts, which give containers direct access to the host filesystem. This poses a security risk as malicious containers could read or modify sensitive host files, potentially leading to system compromise or data breaches.
Detection Strategy
• Review Kubernetes manifest files for volume definitions within spec blocks (including the pod template nested in workload resources)
• Check whether any volume definition includes a 'hostPath' configuration
• Flag every instance where a hostPath volume is defined, as it bypasses container isolation by mounting a host directory into the container
• Treat each hostPath mount as a potential vulnerability, given the security risks of exposing the host filesystem to containers
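Detection logic for the strategy above, as an added example that is not part of the page's own rule implementation: it walks a parsed manifest (JSON form, e.g. `kubectl get -o json`, so it needs only the standard library) and flags every hostPath volume, going beyond the single-Pod case by also covering pod templates nested in Deployments, DaemonSets, Jobs and CronJobs and the items of a List, and it notes whether any container mounts the volume read-write. The two sample manifests are constructed for the example.

```python
import json

CONTAINER_KEYS = ("containers", "initContainers")

def find_hostpath_volumes(obj, path="$"):
    """Return a finding for every hostPath volume in a parsed Kubernetes object.

    Walks the whole tree, so pod templates nested in a Deployment, DaemonSet, Job
    or CronJob and the items of a List are covered; each finding records the
    volume's location, the host directory and whether it is mounted read-write.
    """
    findings = []
    if isinstance(obj, dict):
        # Mounts of every container in this pod spec, used to check readOnly.
        mounts = [m for key in CONTAINER_KEYS for c in obj.get(key) or []
                  for m in c.get("volumeMounts") or []]
        for vol in obj.get("volumes") or []:
            if isinstance(vol, dict) and "hostPath" in vol:
                name = vol.get("name")
                findings.append({
                    "location": f"{path}.volumes[{name}]",
                    "hostPath": (vol["hostPath"] or {}).get("path"),
                    "writable": any(m.get("name") == name and not m.get("readOnly")
                                    for m in mounts),
                })
        for key, value in obj.items():
            findings.extend(find_hostpath_volumes(value, f"{path}.{key}"))
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            findings.extend(find_hostpath_volumes(item, f"{path}[{i}]"))
    return findings

def scan_manifest(text):
    return find_hostpath_volumes(json.loads(text))

# Constructed sample: a Deployment whose pod template mounts /var/log read-write.
VULNERABLE_MANIFEST = json.dumps({
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "shipper"},
    "spec": {"template": {"spec": {
        "containers": [{"name": "app", "image": "nginx",
                        "volumeMounts": [{"name": "host-logs", "mountPath": "/logs"}]}],
        "volumes": [{"name": "host-logs", "hostPath": {"path": "/var/log"}}]}}}})

# Constructed sample: the same workload on an emptyDir, which stays inside the pod.
SECURE_MANIFEST = json.dumps({
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "shipper"},
    "spec": {"template": {"spec": {
        "containers": [{"name": "app", "image": "nginx",
                        "volumeMounts": [{"name": "scratch", "mountPath": "/logs"}]}],
        "volumes": [{"name": "scratch", "emptyDir": {}}]}}}})
```

Running `scan_manifest(VULNERABLE_MANIFEST)` yields one finding at `$.spec.template.spec.volumes[host-logs]` for `/var/log` marked writable, while the emptyDir variant yields none.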
Vulnerable code example

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: vulnerable-pod
spec:
  containers:
    - name: container
      image: nginx
...
```

✅ Secure code example
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  automountServiceAccountToken: false # Prevents auto-mounting of service account tokens
  securityContext:
    runAsNonRoot: true # Prevents the container from running as root
...
```