šŸš€ Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Sensitive Path Mount

Some of the host paths are sensitive and if they are mounted to a Pod, they can be abused to gain additional privileges. For example mounting /run/containerd/containerd.sock to a Pod, can allow a malicious container to run malice containers on the cluster.

Remediation

Remove sensitive paths mounts such as

[source]

/
/proc
/etc
/root
/var/run/docker.sock
/var/run/crio/crio.sock
/run/containerd/containerd.sock
/home/admin
/var/lib/kubelet
/var/lib/kubelet/pki
/etc/kubernetes
/etc/kubernetes/manifests

Metadata

  • Severity: high
  • Slug: sensitive-path-mount

CWEs

  • 269: Improper Privilege Management

OWASP

  • A04:2021: Insecure Design
  • A05:2021: Security Misconfiguration

Available Labs

Select a language to explore available labs for this vulnerability.

No matching labs found

Try adjusting your language filter.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.