cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AppDefects
Community Champion

Preventing Kubernetes Man-in-the-Middle Attacks

On December 7th, 2020 the Kubernetes Product Security Committee disclosed a security issue that affects every multi-tenant Kubernetes cluster.

 

If an attacker can create or edit services and pods, then they can also intercept traffic from other pods in the cluster. This issue has been rated medium severity (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2), and assigned CVE-2020-8554. Notably, NO PATCH is available.

 

Protecting Kubernetes clusters pretty much sums up my December. Here are some tips using my favorite tools for detection. Stay safe and have fun protecting your Cloud!