Scenario #363
Storage
Kubernetes v1.22, single-node dev cluster
HostPath Volume Access Leaks Host Data into Container
HostPath volume mounted the wrong directory, exposing sensitive host data to the container.
What Happened
The hostPath volume was configured with path / instead of /data, which gave the container full read access to the host filesystem.
Diagnosis Steps
1. Container listed host files under /mnt/host.
2. Pod manifest showed path: /.
Root Cause
Typo in the volume path.
Fix/Workaround
• Corrected volume path in manifest.
• Revoked pod access.
Lessons Learned
HostPath has minimal safety nets.
How to Avoid
1. Avoid using HostPath unless absolutely necessary.
2. Validate mount paths through automated policies.
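
One way to automate the mount-path validation as a pre-deploy check, shown as an added example that is not part of the original scenario. It assumes manifests are available as JSON and that /data is the only permitted host directory; the function names are hypothetical, and the readOnly check goes beyond what the scenario describes.

```python
import json
import posixpath

# Assumption: /data is the only host directory pods may mount.
ALLOWED_PREFIXES = ("/data",)

# Constructed manifest reproducing the typo from this scenario (JSON form).
SAMPLE_POD = json.loads("""
{"kind": "Pod", "metadata": {"name": "demo"},
 "spec": {"volumes": [{"name": "host", "hostPath": {"path": "/"}}],
          "containers": [{"name": "app", "image": "example",
                          "volumeMounts": [{"name": "host", "mountPath": "/mnt/host"}]}]}}
""")

def pod_spec(obj):
    """Pod spec of a Pod, or of a workload that embeds one at spec.template."""
    spec = obj.get("spec", {})
    return spec.get("template", {}).get("spec", spec)

def path_allowed(path):
    """True only if the normalized path is an allowed prefix or lies beneath one."""
    norm = posixpath.normpath(path)  # collapses /data/.. to /
    return any(norm == p or norm.startswith(p + "/") for p in ALLOWED_PREFIXES)

def hostpath_violations(obj):
    """Return a list of human-readable findings; empty means the manifest passes."""
    spec = pod_spec(obj)
    findings, host_vols = [], set()
    for vol in spec.get("volumes", []):
        if "hostPath" not in vol:
            continue
        host_vols.add(vol["name"])
        path = vol["hostPath"].get("path", "")
        if not path_allowed(path):
            findings.append(f"volume {vol['name']}: hostPath {path!r} is outside {ALLOWED_PREFIXES}")
    # Extra check (not in the scenario): hostPath mounts should be read-only.
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] in host_vols and not m.get("readOnly", False):
                findings.append(f"container {c['name']}: hostPath mount {m['mountPath']} is not readOnly")
    return findings

if __name__ == "__main__":
    for finding in hostpath_violations(SAMPLE_POD):
        print("DENY:", finding)
```

Run in CI against rendered manifests and fail the pipeline on any finding; the prefix comparison is done on the normalized path so that /database or /data/.. does not pass as /data.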