Security teams at Kubernetes have released a report regarding a Man-in-The-Middle (MiTM) vulnerability that would allow threat actors to steal traffic from other pods in Kubernetes clusters. At the moment there is no permanent solution, so experts only provided a few tips for temporarily mitigating this risk.
Kubernetes was originally developed by Google and now under the control of the Cloud Native Computing Foundation, and is an open source system for process automation such as deploying, scaling, and managing workloads, services, and containerized applications on host groups.
The vulnerability, considered of medium severity and identified as CVE-2020-8554, was reported by Etienne Champetier of the security firm Anevia and can be exploited remotely by unidentified threat actors with basic permissions without the need for user interaction.
Because this is a glitch in Kubernetes design, all currently used versions are affected: “If malicious hackers can create or edit services and pods, they may be able to intercept traffic from other pods in the container,” the report says. Fortunately it is not all bad news, as the report also notes that the vulnerability should affect only a small number of Kubernetes implementations, this because external IP services are not widely used.
The Kubernetes report includes a workaround to mitigate the risk of exploitation: Users should restrict access to vulnerable features by using an admission webhook container to limit the use of external IPs. The source code for implementing this workaround is available on kubernetes’ official platforms. It is also possible to restrict external IPs using the Open Policy Agent Gatekeeper policy controller.
To detect attacks that attempt to exploit this vulnerability, you must manually audit the use of external IPs within multi-tenant clusters using vulnerable features.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.