Mitigating Kubernetes Security Vulnerability when using ExternalIP Services (CVE-2020-8554)
Earlier this month the Kubernetes project discovered a security issue affecting multitenant clusters: If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods (or nodes) in the cluster. An attacker that is able to create a ClusterIP service and set the spec.externalIPs field can intercept traffic to that IP. In the following image, a malicious party would be able to intercept traffic intended for Google’s public DNS server address ‘8.
https://rancher.com/blog/2020/mitigating-kubernetes-security-vulnerability-externalip-services-cve20208554/
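The condition described above (a Service carrying spec.externalIPs) can be audited from the defender's side. This is an added example, not code from the Rancher post or the Kubernetes project; it lists every Service whose externalIPs fall outside an approved range. The sample JSON (shaped like the output of `kubectl get services -A -o json`), the namespaces, the addresses and the allowlist are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `kubectl get services -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "team-a", "name": "web"},
   "spec": {"type": "ClusterIP", "clusterIP": "10.43.0.12"}},
  {"metadata": {"namespace": "team-b", "name": "dns-proxy"},
   "spec": {"type": "ClusterIP", "clusterIP": "10.43.0.40",
            "externalIPs": ["203.0.113.53"]}},
  {"metadata": {"namespace": "infra", "name": "ingress"},
   "spec": {"type": "ClusterIP", "clusterIP": "10.43.0.77",
            "externalIPs": ["192.0.2.10", "not-an-ip"]}}
]}
""")

# Assumption: the only external ranges the cluster operators have approved.
ALLOWED_CIDRS = ["192.0.2.0/24"]


def audit_external_ips(service_list, allowed_cidrs):
    """Return (namespace, name, value, reason) for each unapproved externalIP."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for svc in service_list.get("items", []):
        meta = svc.get("metadata", {})
        ns, name = meta.get("namespace"), meta.get("name")
        # externalIPs is optional and may be absent or null.
        for raw in svc.get("spec", {}).get("externalIPs") or []:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                # Surface malformed values instead of silently skipping them.
                findings.append((ns, name, raw, "unparseable"))
                continue
            if not any(ip in net for net in allowed):
                findings.append((ns, name, raw, "outside allowlist"))
    return findings


if __name__ == "__main__":
    for ns, name, ip, reason in audit_external_ips(SAMPLE, ALLOWED_CIDRS):
        print(f"{ns}/{name}: externalIP {ip} ({reason})")
```

Against a live cluster, load the real `kubectl` JSON output in place of `SAMPLE` and set `ALLOWED_CIDRS` to the ranges your operators actually approve; an empty list flags every externalIP.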
© Lightnetics 2024