Detect CVE-2020-8555 using Falco
Blog post from Sysdig
Kaizhe Huang's blog post discusses detecting the CVE-2020-8555 vulnerability with Falco, an open-source tool for runtime threat detection in containers and Kubernetes. The vulnerability is a Server-Side Request Forgery (SSRF) in kube-controller-manager that allows certain authorized users to leak data from the master's host network. It affects specific Kubernetes versions and is associated with certain storage volume types, including GlusterFS, Quobyte, StorageFS, and ScaleIO. Falco can detect attempts to exploit this vulnerability through customizable rules that monitor for the creation of vulnerable Pods or StorageClass objects. The post emphasizes the importance of detecting exploitation attempts and suggests mitigating the vulnerability by adding endpoint protections, restricting the use of vulnerable volumes, and controlling StorageClass write permissions through RBAC.
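The creation check described above, written here as an added Python example over Kubernetes audit records rather than as a Falco rule; it is not code from the blog post or from Falco. It assumes audit events logged at Request level or above (so `requestObject` is present) and that the PodSpec keys `glusterfs`, `quobyte`, `storageos`, `scaleIO` and the matching `kubernetes.io/...` provisioners correspond to the volume types the post lists; function names and sample events are constructed.

```python
import json

# PodSpec volume keys and in-tree StorageClass provisioners assumed to
# correspond to the volume types named in the summary above.
VOLUME_KEYS = {"glusterfs", "quobyte", "storageos", "scaleIO"}
PROVISIONERS = {"kubernetes.io/" + k.lower() for k in VOLUME_KEYS}

def check_event(event):
    """Return a finding for a create request that uses an affected volume type."""
    if event.get("verb") != "create":
        return None
    ref = event.get("objectRef") or {}
    obj = event.get("requestObject") or {}  # missing below audit level Request
    who = (event.get("user") or {}).get("username", "<unknown>")
    name = (obj.get("metadata") or {}).get("name") or ref.get("name", "<unnamed>")
    if ref.get("resource") == "pods" and not ref.get("subresource"):
        volumes = (obj.get("spec") or {}).get("volumes") or []
        hits = sorted({k for v in volumes if isinstance(v, dict) for k in v} & VOLUME_KEYS)
        if hits:
            return {"kind": "Pod", "name": name, "user": who, "match": hits}
    elif ref.get("resource") == "storageclasses" and obj.get("provisioner") in PROVISIONERS:
        return {"kind": "StorageClass", "name": name, "user": who,
                "match": [obj["provisioner"]]}
    return None

def scan(lines):  # one JSON audit record per line; malformed lines are skipped
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except (json.JSONDecodeError, TypeError):
            continue
        finding = check_event(event) if isinstance(event, dict) else None
        if finding:
            findings.append(finding)
    return findings

def _ev(verb, resource, user, obj):  # builds one constructed audit line
    return json.dumps({"kind": "Event", "verb": verb, "user": {"username": user},
                       "objectRef": {"resource": resource}, "requestObject": obj})

SAMPLE_AUDIT_LINES = [  # constructed sample data, not real logs
    _ev("create", "pods", "dev-1", {"metadata": {"name": "web"}, "spec": {"volumes": [{"name": "d", "emptyDir": {}}]}}),
    _ev("create", "pods", "dev-2", {"metadata": {"name": "gl"}, "spec": {"volumes": [{"name": "g", "glusterfs": {"endpoints": "ep", "path": "vol"}}]}}),
    _ev("create", "storageclasses", "dev-3", {"metadata": {"name": "sio"}, "provisioner": "kubernetes.io/scaleio"}),
    "{truncated",
]
if __name__ == "__main__":
    print(scan(SAMPLE_AUDIT_LINES))
```

Pods created indirectly through a workload controller arrive as requests on that controller's resource, so this check, like the Pod and StorageClass monitoring it mirrors, only sees direct creates.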