
All Kubernetes versions affected by unpatched MiTM vulnerability
2020-12-08 09:20

The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle attacks.

CVE-2020-8554 is a design flaw that impacts all Kubernetes versions, with multi-tenant clusters that allow tenants to create and update services and pods being the most vulnerable to attacks.

"If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods in the cluster," as Tim Allclair, a software engineer working on Kubernetes security at Apple, explained in a security advisory published on Monday.

Luckily, the vulnerability should affect only a small number of Kubernetes deployments, given that External IP services are not extensively used in multi-tenant clusters, and granting tenant users patch service/status permissions for LoadBalancer IPs is not recommended.

To detect attacks attempting to exploit this vulnerability, you have to manually audit external IP usage within multi-tenant clusters that use the vulnerable features.
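The audit the article describes can be scripted rather than done by hand. The following Python example is added here and is not code from the article or from the Kubernetes project: it reads a Service list shaped like `kubectl get services -A -o json` output (the sample embedded below is constructed, not captured from a real cluster), and flags every Service that claims an external IP, either in `spec.externalIPs` or in `status.loadBalancer.ingress[].ip`, that falls outside an allowlist of CIDRs the operator controls. The allowlist `192.0.2.0/24` and the trusted `platform` namespace are assumptions chosen for the sample; in practice they would be the address ranges and namespaces the cluster operator, not tenants, is meant to own.

```python
import ipaddress
import json

# Constructed sample shaped like `kubectl get services -A -o json` output.
# Addresses are from documentation ranges; this is not data from a real cluster.
SAMPLE_SERVICE_LIST = json.dumps({
    "kind": "ServiceList",
    "items": [
        {   # plain ClusterIP service, no external address at all
            "metadata": {"namespace": "tenant-a", "name": "web"},
            "spec": {"type": "ClusterIP", "clusterIP": "10.96.0.12"},
            "status": {"loadBalancer": {}},
        },
        {   # tenant-created service claiming an externalIP it does not own
            "metadata": {"namespace": "tenant-b", "name": "proxy"},
            "spec": {"type": "ClusterIP", "clusterIP": "10.96.0.40",
                     "externalIPs": ["203.0.113.7"]},
            "status": {"loadBalancer": {}},
        },
        {   # LoadBalancer whose status ingress IP is outside the allowlist
            "metadata": {"namespace": "tenant-b", "name": "api"},
            "spec": {"type": "LoadBalancer", "clusterIP": "10.96.0.41"},
            "status": {"loadBalancer": {"ingress": [{"ip": "198.51.100.9"}]}},
        },
        {   # operator-owned ingress controller using an allowlisted address
            "metadata": {"namespace": "platform", "name": "ingress-nginx"},
            "spec": {"type": "LoadBalancer", "clusterIP": "10.96.0.2",
                     "externalIPs": ["192.0.2.10"]},
            "status": {"loadBalancer": {"ingress": [{"ip": "192.0.2.10"}]}},
        },
    ],
})


def _in_allowlist(ip, allowed_networks):
    """True if the address lies inside any allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowed_networks)


def audit_services(service_list_json, allowed_cidrs, trusted_namespaces=()):
    """Return (namespace, name, field, ip) for every Service that claims an
    external IP outside `allowed_cidrs`, skipping trusted namespaces.

    Both fields the advisory context points at are checked: the
    tenant-writable spec.externalIPs list and the status.loadBalancer.ingress
    addresses (writable by anyone holding patch on services/status).
    """
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        ns = svc["metadata"]["namespace"]
        name = svc["metadata"]["name"]
        if ns in trusted_namespaces:
            continue
        for ip in svc.get("spec", {}).get("externalIPs") or []:
            if not _in_allowlist(ip, allowed):
                findings.append((ns, name, "spec.externalIPs", ip))
        ingress = (svc.get("status", {}).get("loadBalancer") or {}).get("ingress") or []
        for entry in ingress:
            ip = entry.get("ip")  # entries may carry a hostname instead; skip those
            if ip and not _in_allowlist(ip, allowed):
                findings.append((ns, name, "status.loadBalancer.ingress", ip))
    return findings


if __name__ == "__main__":
    # Usage with the constructed sample; replace SAMPLE_SERVICE_LIST with the
    # real `kubectl get services -A -o json` output to audit a cluster.
    hits = audit_services(SAMPLE_SERVICE_LIST, ["192.0.2.0/24"],
                          trusted_namespaces=("platform",))
    for ns, name, field, ip in hits:
        print(f"SUSPECT external IP: ns={ns} svc={name} field={field} ip={ip}")
```

Run against the sample, the script reports two Services in `tenant-b`: one with a `spec.externalIPs` entry and one with a `status.loadBalancer.ingress` address outside the allowlist, while the `platform` ingress controller on an allowlisted address is not reported. An audit like this is the detection side the article refers to; it does not prevent a tenant from creating such a Service, which is what the advisory's interim blocking advice is for.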


News URL

https://www.bleepingcomputer.com/news/security/all-kubernetes-versions-affected-by-unpatched-mitm-vulnerability/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kubernetes 18 12 49 23 5 89