Critical vulnerability affects all versions of Kubernetes

The Kubernetes security team has published an advisory about a Man-in-the-Middle (MitM) vulnerability that would allow threat actors to intercept traffic destined for other pods in Kubernetes clusters. At the moment there is no permanent fix, so the team has only provided advice for temporarily mitigating the risk.

Kubernetes, originally developed by Google and now maintained under the Cloud Native Computing Foundation, is an open source system for automating the deployment, scaling and management of workloads, services and containerized applications across groups of hosts.

The vulnerability, rated medium severity and tracked as CVE-2020-8554, was reported by Etienne Champetier of the security firm Anevia. It can be exploited remotely by threat actors holding basic permissions, without any user interaction.


Because this is a flaw in the Kubernetes design, all versions currently in use are affected: “If malicious hackers can create or edit services and pods, they may be able to intercept traffic from other pods in the container,” the report says. Fortunately it is not all bad news, as the report also notes that the vulnerability should affect only a small number of Kubernetes deployments, since external IP services are not widely used.

The Kubernetes report includes a workaround to mitigate the risk of exploitation: users should restrict access to the vulnerable feature by running an admission webhook container that limits the use of external IPs. The source code for this workaround is available through Kubernetes’ official channels. It is also possible to restrict external IPs with the Open Policy Agent Gatekeeper policy controller.

To detect attempts to exploit this vulnerability, administrators must manually audit the use of external IPs in multi-tenant clusters that rely on the vulnerable feature.
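The two recommendations above, an admission check that rejects Services declaring unapproved `externalIPs` and an audit of Services that already exist, share the same core logic. The following is an added example written for this article; it is not the Kubernetes project's published webhook or a Gatekeeper policy. The allow-list, the `AdmissionReview` payload and the sample Service manifests are constructed for illustration; a real deployment would serve `admission_response` over HTTPS behind a `ValidatingWebhookConfiguration` and feed `audit_services` the items from `kubectl get svc -A -o json`.

```python
"""Allow-list check for Service.spec.externalIPs (CVE-2020-8554 workaround).

Added example, not code from the Kubernetes project. The allow-list and the
sample objects below are constructed; replace them with cluster-specific data.
"""
import ipaddress
from typing import Any, Dict, Iterable, List, Set

# Constructed allow-list: the only external IPs the cluster operator has
# explicitly approved for use in Service.spec.externalIPs (assumption).
ALLOWED_EXTERNAL_IPS: Set[str] = {"203.0.113.10"}


def external_ips(service: Dict[str, Any]) -> List[str]:
    """Return the externalIPs declared on a Service manifest (empty if none)."""
    return list(service.get("spec", {}).get("externalIPs") or [])


def disallowed_external_ips(service: Dict[str, Any],
                            allowed: Set[str] = ALLOWED_EXTERNAL_IPS) -> List[str]:
    """Return every externalIP on the Service that is not in the allow-list.

    Entries that are not valid IP literals are reported too, so that a
    malformed value can never slip past the comparison.
    """
    bad = []
    for ip in external_ips(service):
        try:
            normalized = str(ipaddress.ip_address(ip))
        except ValueError:
            bad.append(ip)
            continue
        if normalized not in allowed:
            bad.append(ip)
    return bad


def admission_response(review: Dict[str, Any],
                       allowed: Set[str] = ALLOWED_EXTERNAL_IPS) -> Dict[str, Any]:
    """Build the AdmissionReview response a validating webhook would return.

    Only Service objects are inspected; any other kind is admitted unchanged.
    """
    request = review["request"]
    obj = request.get("object") or {}
    response: Dict[str, Any] = {"uid": request["uid"], "allowed": True}
    if obj.get("kind") == "Service":
        bad = disallowed_external_ips(obj, allowed)
        if bad:
            response["allowed"] = False
            response["status"] = {
                "code": 403,
                "message": "spec.externalIPs contains addresses not on the "
                           "allow-list: " + ", ".join(bad),
            }
    return {"apiVersion": review["apiVersion"],
            "kind": "AdmissionReview",
            "response": response}


def audit_services(services: Iterable[Dict[str, Any]],
                   allowed: Set[str] = ALLOWED_EXTERNAL_IPS) -> List[Dict[str, str]]:
    """Flag existing Services whose externalIPs fall outside the allow-list."""
    findings = []
    for svc in services:
        bad = disallowed_external_ips(svc, allowed)
        if bad:
            meta = svc.get("metadata", {})
            findings.append({"namespace": meta.get("namespace", "default"),
                             "name": meta.get("name", "?"),
                             "externalIPs": ",".join(bad)})
    return findings


# Constructed sample manifests in the shape of `kubectl get svc -A -o json` items.
SAMPLE_SERVICES = [
    {"kind": "Service", "metadata": {"namespace": "tenant-a", "name": "web"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 80}]}},
    {"kind": "Service", "metadata": {"namespace": "shared", "name": "ingress"},
     "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.10"]}},
    {"kind": "Service", "metadata": {"namespace": "tenant-b", "name": "suspect"},
     "spec": {"type": "ClusterIP", "externalIPs": ["198.51.100.7"]}},
]

# Constructed AdmissionReview for a CREATE of the third sample Service.
SAMPLE_REVIEW = {
    "apiVersion": "admission.k8s.io/v1",
    "kind": "AdmissionReview",
    "request": {"uid": "constructed-uid-0001", "operation": "CREATE",
                "object": SAMPLE_SERVICES[2]},
}

if __name__ == "__main__":
    for finding in audit_services(SAMPLE_SERVICES):
        print("AUDIT:", finding)
    print("ADMISSION:", admission_response(SAMPLE_REVIEW)["response"])
```

The audit and the webhook deliberately share `disallowed_external_ips`, so the rule enforced at admission time is exactly the rule used to review Services created before the webhook was installed; a finding from the audit on a multi-tenant cluster is the signal the advisory asks administrators to look for.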