Pod ports should not be exposed through host ports
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | LOW | Kubernetes | PERMISSION |
Description
Setting hostPort in a container's configuration makes the container port reachable through a port on the host. Exposing ports this way should be avoided.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Internal services might be publicly exposed through the host, and thus exposed to various attacks.
Remediation guidelines
Remove hostPort from the container configuration, or limit exposed ports to a known list of ports.
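One way to check manifests against this guideline is sketched below as an added example; it is not part of the original rule or of any scanner's own code. It assumes manifests in JSON form (as produced by `kubectl get -o json`); `ALLOWED_HOST_PORTS`, `pod_specs`, `find_host_ports` and the sample Deployment are hypothetical names and constructed data.

```python
import json

# Assumption: ports an operator has explicitly approved for hostPort use (empty = none).
ALLOWED_HOST_PORTS = frozenset()

def pod_specs(obj):
    """Yield (field path, pod spec) for a Pod, a CronJob, or a workload with a pod template."""
    kind, spec = obj.get("kind"), obj.get("spec", {})
    if kind == "Pod":
        yield "spec", spec
    elif kind == "CronJob":
        job = spec.get("jobTemplate", {}).get("spec", {})
        yield "spec.jobTemplate.spec.template.spec", job.get("template", {}).get("spec", {})
    elif "template" in spec:  # Deployment, StatefulSet, DaemonSet, ReplicaSet, Job
        yield "spec.template.spec", spec["template"].get("spec", {})

def find_host_ports(obj, allowed=ALLOWED_HOST_PORTS):
    """Return one finding per hostPort that is set and not in the allowlist."""
    findings = []
    name = f'{obj.get("kind")}/{obj.get("metadata", {}).get("name")}'
    for path, pod in pod_specs(obj):
        # Init containers can declare ports too, so check both groups.
        for group in ("containers", "initContainers"):
            for c in pod.get(group) or []:
                for p in c.get("ports") or []:
                    hp = p.get("hostPort")
                    if hp and hp not in allowed:  # absent (or 0) means none requested
                        findings.append({
                            "object": name,
                            "field": f"{path}.{group}[{c.get('name')}]",
                            "containerPort": p.get("containerPort"),
                            "hostPort": hp,
                        })
    return findings

# Constructed sample manifest: two containers bind host ports, one does not.
SAMPLE = json.loads("""
{"kind": "Deployment", "metadata": {"name": "internal-api"},
 "spec": {"template": {"spec": {
   "initContainers": [{"name": "migrate", "ports": [{"containerPort": 9000, "hostPort": 9000}]}],
   "containers": [
     {"name": "api", "ports": [{"containerPort": 8080, "hostPort": 8080}]},
     {"name": "metrics", "ports": [{"containerPort": 9100}]}]}}}}
""")

if __name__ == "__main__":
    for finding in find_host_ports(SAMPLE):
        print(finding)
    print(find_host_ports(SAMPLE, allowed={8080, 9000}))  # allowlisted ports pass
```

With an empty allowlist the check enforces the "remove hostPort" option; passing a set of approved ports enforces the "known list" option.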