
All versions of Kubernetes are affected by a vulnerability

The Kubernetes Product Security Committee has issued guidance on how to temporarily prevent attackers from exploiting a vulnerability that would allow them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks.


Kubernetes (also known as K8s), originally developed by Google and now maintained by the Cloud Native Computing Foundation, is an open-source system designed to automate the deployment, scaling and management of workloads, services and applications, facilitating both configuration and automation.

Affected services are not widely deployed

The moderate-severity issue is tracked as CVE-2020-8554 and was reported by Etienne Champetier of Anevia.

It can be exploited remotely by attackers with basic tenant rights (such as the ability to create or edit services and pods), without user interaction and with low attack complexity.

CVE-2020-8554 is a design flaw that affects all versions of Kubernetes; multi-tenant clusters that allow tenants to create and update services and pods are the most exposed to attack.

Fortunately, the vulnerability should affect only a small number of Kubernetes deployments, as external IP services are not widely used in multi-tenant clusters.

How to block CVE-2020-8554 exploits

Because the Kubernetes development team has not yet released a security update for this issue, administrators are advised to mitigate CVE-2020-8554 by restricting access to the vulnerable features.

An admission webhook container can be used to restrict the use of external IPs; source code and deployment guidelines are available here.

External IP addresses can also be restricted with Open Policy Agent Gatekeeper for Kubernetes, using the constraints and templates available here.

To detect attacks that attempt to exploit this vulnerability, manually check the use of external IPs in multi-tenant clusters where the vulnerable features are available.
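The two defensive measures above (an admission webhook that restricts externalIPs, and a manual audit of existing Services) both reduce to the same check: does a Service set `spec.externalIPs` to an address the cluster operator has not sanctioned? The following is an added illustration, not the webhook or Gatekeeper code the article links to. It implements that check in Python once and uses it twice: `audit_services` walks a ServiceList in the JSON shape `kubectl get services -A -o json` returns, and `admission_review` produces the decision part of an `admission.k8s.io/v1` validating-webhook response. The allowlist, namespaces, Service names and IP addresses are constructed sample values, and the HTTP/TLS serving a real webhook needs is omitted.

```python
"""Detect and block unapproved externalIPs on Kubernetes Services.

Two defender-side checks for the externalIPs weakness discussed above:
  * audit_services()   - offline audit of a ServiceList (the JSON shape that
                         `kubectl get services -A -o json` returns)
  * admission_review() - decision logic of a validating admission webhook that
                         denies Services whose externalIPs are not allowlisted
The allowlist, namespaces, names and IPs below are constructed sample values.
"""
import json
from typing import Dict, List

# Constructed allowlist: externalIPs the cluster operator has sanctioned.
ALLOWED_EXTERNAL_IPS = {"203.0.113.10"}


def unapproved_external_ips(service: Dict, allowed=ALLOWED_EXTERNAL_IPS) -> List[str]:
    """Return the entries of spec.externalIPs that are not on the allowlist."""
    external_ips = (service.get("spec") or {}).get("externalIPs") or []
    return [ip for ip in external_ips if ip not in allowed]


def audit_services(service_list: Dict, allowed=ALLOWED_EXTERNAL_IPS) -> List[Dict]:
    """Report every Service in a ServiceList that sets an unapproved externalIP."""
    findings = []
    for svc in service_list.get("items", []):
        bad = unapproved_external_ips(svc, allowed)
        if bad:
            meta = svc.get("metadata") or {}
            findings.append({
                "namespace": meta.get("namespace"),
                "name": meta.get("name"),
                "externalIPs": bad,
            })
    return findings


def admission_review(review: Dict, allowed=ALLOWED_EXTERNAL_IPS) -> Dict:
    """Build an admission.k8s.io/v1 AdmissionReview response for a CREATE/UPDATE.

    A real webhook would parse the POSTed request body into `review`, call this,
    and serve the returned dict as JSON over TLS; only the decision lives here.
    """
    request = review["request"]
    obj = request.get("object") or {}
    bad = unapproved_external_ips(obj, allowed) if obj.get("kind") == "Service" else []
    response = {"uid": request["uid"], "allowed": not bad}
    if bad:
        response["status"] = {
            "code": 403,
            "message": "externalIPs not permitted by cluster policy: " + ", ".join(bad),
        }
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


def _service(namespace, name, external_ips=None, svc_type="ClusterIP"):
    """Helper that builds a minimal constructed Service object."""
    spec = {"type": svc_type, "ports": [{"port": 443}]}
    if external_ips:
        spec["externalIPs"] = external_ips
    return {"apiVersion": "v1", "kind": "Service",
            "metadata": {"namespace": namespace, "name": name}, "spec": spec}


# Constructed ServiceList resembling `kubectl get services -A -o json` output.
SAMPLE_SERVICE_LIST = {
    "apiVersion": "v1", "kind": "List",
    "items": [
        _service("kube-system", "kube-dns"),            # no externalIPs: fine
        _service("ingress", "edge", ["203.0.113.10"]),  # allowlisted: fine
        _service("tenant-b", "api", ["198.51.100.7"]),  # not allowlisted: finding
    ],
}

# Constructed AdmissionReview request, as the API server would POST it to a webhook.
SAMPLE_REVIEW = {
    "apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
    "request": {"uid": "constructed-uid-1", "operation": "CREATE",
                "object": _service("tenant-b", "api", ["198.51.100.7"])},
}

if __name__ == "__main__":
    print(json.dumps(audit_services(SAMPLE_SERVICE_LIST), indent=2))
    print(json.dumps(admission_review(SAMPLE_REVIEW), indent=2))
```

Running the script against a cluster's real output (`kubectl get services -A -o json > services.json`, then loading that file into `audit_services`) gives the manual check the article recommends; the same `unapproved_external_ips` predicate, wired behind a ValidatingWebhookConfiguration, is the preventive control. Keeping the allowlist empty denies every externalIP, which is the safest default for a multi-tenant cluster that does not need the feature.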

Teo Ehc