Information
The ability to create persistent volumes in a cluster can provide an opportunity for privilege escalation, via the creation of hostPath volumes. As persistent volumes are not covered by Pod Security Admission, a user with access to create persistent volumes may be able to get access to sensitive files from the underlying host even where restrictive Pod Security Admission policies are in place.
The ability to create persistent volumes in a cluster opens up possibilities for privilege escalation and should be restricted, where possible.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Where possible, remove create access to PersistentVolume objects in the cluster.