Security News > 2020 > December > All Kubernetes versions affected by unpatched MiTM vulnerability
The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle attacks.
CVE-2020-8554 is a design flaw that impacts all Kubernetes versions, with multi-tenant clusters that allow tenants to create and update services and pods being the most vulnerable to attacks.
"If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods in the cluster," as Tim Allclair, a software engineer working on Kubernetes security at Apple, explained in a security advisory published on Monday.
Luckily, the vulnerability should affect a small number of Kubernetes deployments given that External IP services are not extensively used in multi-tenant clusters, and granting tenant users with patch service/status permissions for LoadBalancer IPs is not recommended.
To detect attacks attempting to exploit this vulnerability you have to manually audit external IP usage within multi-tenant clusters using the vulnerable features.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-21 | CVE-2020-8554 | Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. | 5.0 |