漏洞描述
Checks if any containers in Kubernetes Pods are configured to share the host's IPC namespace, which can lead to security risks.
k8s-containers-share-host-ipc: Containers sharing host IPC namespace
PoC代码[已公开]
id: k8s-containers-share-host-ipc
info:
name: Containers sharing host IPC namespace
author: princechaddha
severity: critical
description: Checks if any containers in Kubernetes Pods are configured to share the host's IPC namespace, which can lead to security risks.
impact: |
Sharing the host's IPC namespace allows containers to access data across all containers on the same host, posing potential security risks.
remediation: Ensure that no container in Kubernetes Pods is set to share the host IPC namespace. Configure 'spec.hostIPC' to 'false' for all pods to isolate IPC namespaces.
reference:
- https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
tags: cloud,devops,kubernetes,k8s,devsecops,pods,k8s-cluster-security
flow: |
code(1);
for (let pod of template.items) {
set("pod",pod)
javascript(1);
}
self-contained: true
code:
- engine:
- sh
- bash
source: kubectl get pods --all-namespaces --output=json
extractors:
- type: json
name: items
internal: true
json:
- '.items[]'
javascript:
- code: |
pod = JSON.parse(template.pod);
if (pod.spec.hostIPC) {
let result = (`Pod '${pod.metadata.name}' in namespace '${pod.metadata.namespace}' is configured to share the host IPC namespace.`);
Export(result);
}
extractors:
- type: dsl
dsl:
- response
# digest: 490a004630440220361ccd360a68d3f8093e01da417aebc5fa2be00cf4c7d0599440de3e1586dd070220604934ea743e4ebcff16171fec6abdf192eb57ebca62df944676ef1a1fa6bd71:922c64590222798bb761d5b6d8e72950