
Detect CVE-2020-8554 – Unpatched Man-In-The-Middle (MITM) Attack in Kubernetes

Blog post from Sysdig

Author: Nigel Douglas
Word Count: 2,446
Language: English
Summary

CVE-2020-8554 is a significant vulnerability in Kubernetes that allows attackers to conduct Man-in-the-Middle (MitM) attacks by exploiting ClusterIP and LoadBalancer services, due to the ability to set spec.externalIPs and status.loadBalancer.ingress.ip fields. Despite being discovered in 2020, no patch is available, leaving multi-tenant clusters particularly vulnerable. The blog discusses mitigation strategies using Sysdig Secure, Falco, and Open Policy Agent (OPA) to detect and restrict exploitation attempts by employing admission controllers, network policies, and runtime threat detection. These tools, designed specifically for Kubernetes, offer cloud-native security solutions that can help manage and reduce the risk posed by this vulnerability, although completely fixing it would require significant changes to the Kubernetes project. The use of NetworkPolicy implementations, such as Project Calico, further enhances network security by controlling traffic flow and preventing unauthorized access. The challenges of securing multi-cloud and multi-cluster environments are addressed by emphasizing the importance of continuous monitoring and configuration audits using cloud-native solutions to improve response times to potential threats.
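
The admission-style restriction described above, as an added example that is not code from the Sysdig post or from Kubernetes: a Python check that flags Services whose `spec.externalIPs` or `status.loadBalancer.ingress.ip` values fall outside operator-approved ranges. The CIDR allowlists, function names and sample Service objects are assumptions constructed for illustration.

```python
import ipaddress

# Constructed allowlists (assumptions): ranges the cluster operator has approved.
EXTERNAL_IP_CIDRS = ["203.0.113.0/28"]  # permitted spec.externalIPs
LB_INGRESS_CIDRS = ["192.0.2.0/24"]     # addresses the load-balancer controller assigns

def _in_ranges(ip, cidrs):
    """True only if ip parses as an address and falls inside one of the CIDRs."""
    try:
        addr = ipaddress.ip_address(ip)
    except (ValueError, TypeError):
        return False  # malformed values are rejected, not ignored
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def review_service(svc, external_cidrs=EXTERNAL_IP_CIDRS, lb_cidrs=LB_INGRESS_CIDRS):
    """Return findings for one Service object (dict); an empty list means admit."""
    findings = []
    for ip in (svc.get("spec") or {}).get("externalIPs") or []:
        if not _in_ranges(ip, external_cidrs):
            findings.append(f"spec.externalIPs: {ip} not in approved ranges")
    lb = (svc.get("status") or {}).get("loadBalancer") or {}
    for entry in lb.get("ingress") or []:
        ip = entry.get("ip")
        if ip is not None and not _in_ranges(ip, lb_cidrs):
            findings.append(f"status.loadBalancer.ingress.ip: {ip} not in approved ranges")
    return findings

def audit(services):
    """Map 'namespace/name' to findings, listing only Services with violations."""
    report = {}
    for svc in services:
        meta = svc.get("metadata") or {}
        key = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        findings = review_service(svc)
        if findings:
            report[key] = findings
    return report

# Constructed sample objects, shaped like items from `kubectl get svc -A -o json`.
SAMPLE = [
    {"metadata": {"namespace": "team-a", "name": "web"},
     "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.5"]}},
    {"metadata": {"namespace": "team-b", "name": "dns-shadow"},
     "spec": {"type": "ClusterIP", "externalIPs": ["198.51.100.7", "not-an-ip"]}},
    {"metadata": {"namespace": "team-c", "name": "lb"},
     "spec": {"type": "LoadBalancer"},
     "status": {"loadBalancer": {"ingress": [{"ip": "198.51.100.9"}]}}},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```

The same logic can run as a periodic audit over exported Service objects or inside a validating admission webhook; the allowlists should stay empty for tenants that have no need for external IPs.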