Skip to content

Security(L-02): Hub-to-Nebi egress NetworkPolicy selects an entire namespace with no pod selector #178

Description

@dcmcand

Summary

The Hub-to-Nebi egress NetworkPolicy selects the entire Nebi namespace with no destination pod selector, so any pod in that namespace is reachable from the hub on the allowed port. The rule is port-scoped to TCP/8460 and only renders when a Nebi internal URL is configured, which bounds the exposure.

Severity: Low · CWE-284 (Improper Access Control)
Validation: Confirmed against HEAD f932d80 on 2026-07-14 (assessed at 69c84f7; unchanged since).

Evidence

  • templates/hub-nebi-networkpolicy.yaml:19-26: the egress to: peer has a namespaceSelector matching kubernetes.io/metadata.name: {{ .Values.nebi.namespace }} but no podSelector. Port defaults to 8460 (values.yaml:249).
  • The policy only renders when both nebi.internalURL and nebi.namespace are set (hub-nebi-networkpolicy.yaml:1). nebi.internalURL defaults to empty (values.yaml:240), so on a default install this policy is not emitted at all; it applies only once a deployer sets an explicit internal URL.

Impact

When the policy is active, a malicious or compromised pod in the Nebi namespace that listens on 8460 becomes reachable from the hub. The exposure is limited to that single port, not all traffic.

Remediation

  • Add a podSelector matching the exact Nebi workload labels alongside the namespace selector.
  • Use service identity where the CNI supports it.

Acceptance criteria

  • Unrelated pods listening on 8460 in the Nebi namespace remain unreachable from the hub.

Source: data-science-pack 0.1.0 security assessment (pinned commit 69c84f72df259ec755ed40bfc83f20158c550d55), finding L-02.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    Priority

    None yet

    Start date

    None yet

    Target date

    None yet

    Size

    None yet

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions