Pod ports should not be exposed through host ports

Severity	Exploitability	Providers	Categories
HIGH	LOW	Kubernetes	PERMISSION

Description

HostPort in container configuration allows access to container port through the host. Exposing ports through it should be avoided.

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
True	False	False	False

Internal services might be publicly exposed through host, and thus exposed to various attack.

Remediation guidelines

Remove hostPort from containers configuration or limit exposed ports with a known list of ports.

References

• Pod security standards - Baseline - Host port

Was this page helpful?