Json Yaml Windows Hostprocess Enabled
Description
Detects Kubernetes pod or container specifications that set 'securityContext.windowsOptions.hostProcess: true', which makes the container a Windows HostProcess container: its processes run directly on the Windows host node rather than inside an isolated container, roughly the Windows equivalent of a privileged Linux container. This configuration is dangerous because it breaks container isolation and gives the workload access to host resources (the host network namespace, file system and devices) with the privileges of the Windows account named in runAsUserName, which is typically NT AUTHORITY\SYSTEM.
Detection Strategy
• Scans Kubernetes manifest files for pod specifications and the container entries within them
• Identifies 'securityContext.windowsOptions.hostProcess: true', either at pod level in spec.securityContext (the default for every container in the pod) or in an individual container's securityContext, which overrides the pod-level value
• Reports a security issue whenever a container would run as a Windows HostProcess container, since this grants it elevated access to the host node
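The following is an added example of the detection strategy above, written for this page and not Fluid Attacks' own scanner. It runs on JSON-form manifests with only the standard library (the check's title covers both JSON and YAML; a YAML file loaded with PyYAML's yaml.safe_load_all, assumed installed and not used here, yields the same dict structure). It goes a little beyond the bullet list: it also walks the pod templates embedded in Deployments, Jobs and CronJobs, checks init and ephemeral containers, and resolves the container-level override of the pod-level value. The three manifests at the bottom are constructed samples with placeholder names and images; the first fills in the page's truncated vulnerable pod with a complete HostProcess configuration.

```python
"""Static check for Windows HostProcess containers in Kubernetes manifests.

Added example (not Fluid Attacks' scanner). Works on JSON-form manifests with
the standard library only; a YAML file loaded with PyYAML's yaml.safe_load_all
(assumed installed, not used here) yields the same dict structure.
"""
from __future__ import annotations

import json
from typing import Any, Iterator, Optional

# Workload kinds whose pod spec is embedded at spec.template.spec.
TEMPLATED_KINDS = {"Deployment", "ReplicaSet", "StatefulSet", "DaemonSet", "Job"}
# Every list that can hold a container spec inside a pod spec.
CONTAINER_FIELDS = ("initContainers", "containers", "ephemeralContainers")


def pod_specs(obj: dict, base: str = "") -> Iterator[tuple[str, dict]]:
    """Yield (path, podSpec) for every pod spec reachable from a manifest object."""
    kind = obj.get("kind")
    spec = obj.get("spec") or {}
    if kind == "Pod":
        yield f"{base}spec", spec
    elif kind in TEMPLATED_KINDS:
        yield f"{base}spec.template.spec", (spec.get("template") or {}).get("spec") or {}
    elif kind == "CronJob":
        job = (spec.get("jobTemplate") or {}).get("spec") or {}
        yield f"{base}spec.jobTemplate.spec.template.spec", (job.get("template") or {}).get("spec") or {}
    elif kind == "List":
        for i, item in enumerate(obj.get("items") or []):
            yield from pod_specs(item, f"{base}items[{i}].")


def host_process_flag(ctx: Any) -> Optional[bool]:
    """Return securityContext.windowsOptions.hostProcess, or None when it is unset.

    Only a real boolean enables the feature; a quoted "true" is a type error
    that the API server rejects, so it is treated as unset here.
    """
    if not isinstance(ctx, dict):
        return None
    opts = ctx.get("windowsOptions")
    if not isinstance(opts, dict):
        return None
    flag = opts.get("hostProcess")
    return flag if isinstance(flag, bool) else None


def find_host_process(obj: dict) -> list[str]:
    """Return the path of every field that switches some container to HostProcess.

    A container-level value overrides the pod-level one; a container that leaves
    it unset inherits the pod-level value, so the pod-level path is reported for
    it. Paths are deduplicated and kept in manifest order.
    """
    findings: list[str] = []
    for base, spec in pod_specs(obj):
        pod_path = f"{base}.securityContext.windowsOptions.hostProcess"
        pod_flag = host_process_flag(spec.get("securityContext"))
        for field in CONTAINER_FIELDS:
            for i, container in enumerate(spec.get(field) or []):
                c_flag = host_process_flag(container.get("securityContext"))
                effective = c_flag if c_flag is not None else pod_flag
                if c_flag is not None:
                    responsible = f"{base}.{field}[{i}].securityContext.windowsOptions.hostProcess"
                else:
                    responsible = pod_path
                if effective and responsible not in findings:
                    findings.append(responsible)
    return findings


def scan_json(text: str) -> list[str]:
    """Parse one JSON manifest and return its HostProcess findings."""
    return find_host_process(json.loads(text))


def scan_all(*texts: str) -> list[str]:
    """Wrap several JSON manifests in a v1 List and scan them together."""
    return find_host_process({"kind": "List", "items": [json.loads(t) for t in texts]})


# Constructed sample manifests (placeholder names and images). The first fills
# in the page's truncated vulnerable pod with a complete HostProcess configuration.
VULNERABLE_POD = r"""{
  "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "vulnerable-pod"},
  "spec": {
    "automountServiceAccountToken": false,
    "hostNetwork": true,
    "securityContext": {"windowsOptions": {
      "hostProcess": true, "runAsUserName": "NT AUTHORITY\\SYSTEM"}},
    "containers": [{"name": "agent", "image": "example.invalid/agent:1.0"}]
  }
}"""

SECURE_POD = r"""{
  "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "secure-pod"},
  "spec": {
    "automountServiceAccountToken": false,
    "securityContext": {"windowsOptions": {"hostProcess": false}},
    "containers": [{"name": "web", "image": "example.invalid/web:1.0"}]
  }
}"""

# Pod-level false but one container opts in: the container value wins.
MIXED_DEPLOYMENT = r"""{
  "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "mixed"},
  "spec": {"template": {"spec": {
    "securityContext": {"windowsOptions": {"hostProcess": false}},
    "containers": [
      {"name": "web", "image": "example.invalid/web:1.0"},
      {"name": "sidecar", "image": "example.invalid/sidecar:1.0",
       "securityContext": {"windowsOptions": {"hostProcess": true}}}
    ]
  }}}
}"""

if __name__ == "__main__":
    for name, text in [("vulnerable", VULNERABLE_POD), ("secure", SECURE_POD), ("mixed", MIXED_DEPLOYMENT)]:
        print(name, scan_json(text))
```

Two caveats when reading the results. Kubernetes requires a HostProcess pod to set hostNetwork: true and requires every container in the pod to be HostProcess, so the mixed Deployment above would be rejected at admission as written; a static scanner should still flag it, because the likely "fix" by the author is to make the rest of the pod HostProcess as well. And the scanner only sees what is in the manifest: an admission policy or mutating webhook that injects windowsOptions at deploy time is outside its view, so pair manifest scanning with an admission control (for example a Pod Security Standards "baseline" or "restricted" enforcement, which both forbid hostProcess: true).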
Vulnerable code example
apiVersion: v1
kind: Pod
metadata:
  name: vulnerable-pod
spec:
  automountServiceAccountToken: false
  securityContext:
    windowsOptions: ...
Secure code example
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  automountServiceAccountToken: false # Good: Prevents automatic mounting of service account tokens
  securityContext:
    windowsOptions: ...