An unpatched man-in-the-middle (MiTM) vulnerability has been discovered which affects all versions of Kubernetes and can be exploited remotely by attackers.
The medium severity vulnerability, discovered by Anevia's Etienne Champetier last year and tracked as CVE-2020-8554, enables an attacker with the ability to create or edit services and pods to intercept traffic from other pods (or nodes) without user interaction.
“If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods (or nodes) in the cluster. This issue is a design flaw that cannot be mitigated without user-facing changes.”
External IP services
While this MiTM vulnerability affects all versions of Kubernetes, only a small number of deployments are vulnerable to potential attacks as External IP services are not widely used in multi-tenant clusters.
However, since a patch is unavailable at the moment, Allclair recommends that admins restrict access to the vulnerable features to protect their multi-tenant clusters.
This can be done with an admission webhook container created by the Kubernetes Product Security Committee, which is available for download. Alternatively, external IPs can be restricted by using OPA Gatekeeper.
To detect attacks exploiting this vulnerability, it is recommended that admins manually audit any external IP usage. At the same time, since users should not patch service status, audit events for patch service status requests authenticated to a user may be suspicious, according to Allclair.
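The two checks described above can be scripted. The following is an added example, not code from the advisory or the Kubernetes project: it lists services that set `spec.externalIPs` and flags audit events where a non-system identity patched service status. The sample inputs are constructed, and treating usernames that start with `system:` as non-user identities is an assumption to adjust per cluster.

```python
import json

# Constructed sample in the shape of `kubectl get services -A -o json` output.
SERVICES_JSON = """
{"items": [
 {"metadata": {"namespace": "shop", "name": "web"}, "spec": {"type": "ClusterIP"}},
 {"metadata": {"namespace": "tenant-b", "name": "cache"}, "spec": {"externalIPs": ["203.0.113.7"]}}
]}
"""

# Constructed sample: API server audit events, one JSON object per line.
AUDIT_LOG = """\
{"verb":"patch","user":{"username":"system:serviceaccount:kube-system:service-controller"},"objectRef":{"resource":"services","subresource":"status","namespace":"shop","name":"web"}}
{"verb":"patch","user":{"username":"dev@example.com"},"objectRef":{"resource":"services","subresource":"status","namespace":"tenant-b","name":"cache"}}
{"verb":"get","user":{"username":"dev@example.com"},"objectRef":{"resource":"services","namespace":"tenant-b","name":"cache"}}
"""

def services_with_external_ips(services_json):
    """Return (namespace, name, [ips]) for every Service that sets spec.externalIPs."""
    found = []
    for svc in json.loads(services_json).get("items", []):
        ips = svc.get("spec", {}).get("externalIPs") or []
        if ips:
            meta = svc["metadata"]
            found.append((meta["namespace"], meta["name"], ips))
    return found

def user_status_patches(audit_lines):
    """Return (user, namespace, name) for service status patches by non-system identities."""
    # Assumption: identities prefixed "system:" are controllers, not users.
    hits = []
    for line in audit_lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ref = ev.get("objectRef") or {}
        user = (ev.get("user") or {}).get("username", "")
        if (ev.get("verb") == "patch" and ref.get("resource") == "services"
                and ref.get("subresource") == "status"
                and not user.startswith("system:")):
            hits.append((user, ref.get("namespace"), ref.get("name")))
    return hits

if __name__ == "__main__":
    for ns, name, ips in services_with_external_ips(SERVICES_JSON):
        print(f"externalIPs in use: {ns}/{name} -> {', '.join(ips)}")
    for user, ns, name in user_status_patches(AUDIT_LOG):
        print(f"status patch by user: {user} on {ns}/{name}")
```

Each hit still needs manual review against the list of services that are expected to use external IPs.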
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.