Json Yaml K8s Use Of Probe Host
Description
Detects the use of the 'host' parameter in the httpGet and tcpSocket handlers of Kubernetes probes (liveness, readiness, startup) and lifecycle hooks (postStart, preStop). Probes and hooks are not run by the container: the kubelet executes them from the node, outside the pod's network namespace. When 'host' is omitted the kubelet connects to the pod's own IP, which is the intended behaviour; when a manifest sets 'host', the kubelet connects to whatever address the manifest author chose, on the node's behalf. That traffic is not governed by NetworkPolicy, which selects pod traffic, so a container can have the node reach addresses (node-local or internal services, other workloads) that the container itself is not allowed to reach. If a probe needs a particular virtual host, set it in the request's Host header (httpHeaders) rather than in 'host'.
Detection Strategy
• Examine container and init container specifications in Kubernetes manifests
• Look for probe configurations (liveness, readiness, startup) and lifecycle hooks (postStart, preStop) in container definitions
• Check whether the httpGet or tcpSocket handler of any probe or lifecycle hook sets the 'host' parameter (other handler types, such as exec, have no such field)
• Report a vulnerability if a host parameter is found in any probe or lifecycle hook configuration
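The strategy above, written out as a runnable check. This is an added example, not this page's code and not Fluid Attacks' scanner. It assumes the manifest has already been parsed into a dict (here from constructed JSON, a format Kubernetes also accepts and that this finding covers), locates the pod spec of a Pod, a templated workload or a CronJob, walks containers and init containers, and reports each httpGet or tcpSocket handler in a probe or lifecycle hook whose host is set. Names, images and the 10.0.0.5 address are made up; the init container is given restartPolicy: Always because only restartable (sidecar) init containers may define probes.

```python
import json

# Container fields whose handler may carry a `host` (the page's detection strategy).
PROBE_FIELDS = ("livenessProbe", "readinessProbe", "startupProbe")
HOOK_FIELDS = ("postStart", "preStop")
# Only httpGet and tcpSocket handlers accept `host`; when it is unset the kubelet
# connects to the pod's own IP. exec, grpc and sleep handlers have no such field.
HANDLERS_WITH_HOST = ("httpGet", "tcpSocket")


def pod_spec_of(manifest):
    """Locate the pod spec in a Pod, a templated workload, or a CronJob."""
    kind = manifest.get("kind")
    spec = manifest.get("spec", {})
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})


def iter_handlers(container):
    """Yield (location, handler) for each probe and lifecycle hook of a container."""
    for field in PROBE_FIELDS:
        if field in container:
            yield field, container[field]
    for hook in HOOK_FIELDS:
        handler = container.get("lifecycle", {}).get(hook)
        if handler:
            yield f"lifecycle.{hook}", handler


def find_probe_hosts(manifest):
    """Return one 'path = value' string per handler that sets `host`."""
    findings = []
    spec = pod_spec_of(manifest)
    for list_name in ("containers", "initContainers"):
        for index, container in enumerate(spec.get(list_name, [])):
            name = container.get("name", f"#{index}")
            for location, handler in iter_handlers(container):
                for handler_type in HANDLERS_WITH_HOST:
                    host = handler.get(handler_type, {}).get("host")
                    if host is not None:
                        findings.append(
                            f"{list_name}[{name}].{location}.{handler_type}.host = {host!r}")
    return findings


# Constructed sample manifests (JSON form). 10.0.0.5 is a made-up internal
# address; the kubelet, not the container, would connect to it from the node.
VULNERABLE_POD = json.loads("""{
  "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "vulnerable-pod"},
  "spec": {
    "initContainers": [{"name": "proxy-sidecar", "image": "envoyproxy/envoy",
      "restartPolicy": "Always",
      "startupProbe": {"tcpSocket": {"host": "10.0.0.5", "port": 8443}}}],
    "containers": [{"name": "web", "image": "nginx",
      "readinessProbe": {"httpGet": {"host": "10.0.0.5", "path": "/healthz", "port": 80}},
      "lifecycle": {"preStop": {"httpGet": {"host": "10.0.0.5", "path": "/drain", "port": 80}}}}]
  }
}""")

# Same workload with `host` removed: probes target the pod IP, and the virtual
# host nginx should see is passed as an HTTP header instead of via `host`.
SECURE_DEPLOYMENT = json.loads("""{
  "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "secure-web"},
  "spec": {"template": {"spec": {
    "containers": [{"name": "web", "image": "nginx",
      "readinessProbe": {"httpGet": {"path": "/healthz", "port": 80,
        "httpHeaders": [{"name": "Host", "value": "web.example.internal"}]}},
      "livenessProbe": {"tcpSocket": {"port": 80}},
      "lifecycle": {"preStop": {"exec": {"command": ["nginx", "-s", "quit"]}}}}]
  }}}
}""")

if __name__ == "__main__":
    for label, manifest in (("vulnerable", VULNERABLE_POD), ("secure", SECURE_DEPLOYMENT)):
        print(f"{label}: {find_probe_hosts(manifest) or 'no host parameter in any probe or hook'}")
```

The vulnerable manifest yields three findings (the web container's readiness probe and preStop hook, and the sidecar's startup probe); the corrected Deployment yields none, because every handler either targets the pod IP by default or is an exec handler, which has no host field at all.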
Vulnerable code example
apiVersion: v1
kind: Pod
metadata:
  name: vulnerable-pod
spec:
  containers:
  - name: web
    image: nginx...
Secure code example
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  containers:
  - name: web
    image: nginx...