Json Yaml Host Ipc Enabled
Description
Detects when Kubernetes configurations enable host IPC namespace sharing (hostIPC: true). This allows pods to communicate with host processes via IPC mechanisms, which breaks container isolation and could lead to privilege escalation.
Detection Strategy
• Examines Kubernetes manifest files (YAML/JSON) for pod or workload specifications
• Identifies configurations where 'hostIPC: true' is set in the pod spec
• Reports a vulnerability when a pod or workload is configured to share the host's IPC namespace
Vulnerable code example
apiVersion: v1
kind: Pod
metadata:
name: vulnerable-pod
spec:
hostIPC: true # Vulnerable: Allows pod to access host IPC namespace
containers:
- name: app...✅ Secure code example
apiVersion: v1
kind: Pod
metadata:
name: secure-pod
labels:
name: nginx-pod
spec:
# Removed dangerous hostIPC access...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.