Json Yaml Host Pid Enabled
Description
Detects Kubernetes configurations that enable hostPID, which allows containers to share the host's process namespace. This is a security risk as it gives containers visibility into all processes running on the host node and enables potential interference with host processes.
Detection Strategy
• Identifies Kubernetes resource manifests (like Pod, Deployment, etc.) in YAML/JSON format
• Checks for hostPID: true configuration in the pod spec section
• Reports a vulnerability when a container is configured to share the host PID namespace
Vulnerable code example
apiVersion: v1
kind: Pod
metadata:
name: vulnerable-pod
spec:
hostPID: true # SECURITY ISSUE: Allows pod to see all processes on the host node
containers:
- name: container...✅ Secure code example
apiVersion: v1
kind: Pod
metadata:
name: secure-pod
labels:
app: nginx
spec:
# Removed hostPID: true to prevent access to host processes...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.