Posts under CVE-2020-8554
This week, the Kubernetes Product Security Committee disclosed a new security issue (CVE-2020-8554) that affects every version of Kubernetes. It is medium severity and no patch is available. Kubernetes administrators are advised to (1) limit certain cluster permissions as well as (2) restrict and manually audit external IP usage within clusters. It is also recommended that multi-tenant cluster scenarios be reconsidered where possible and appropriate. Vulnerability Summary CVE-2020-8554 is a man-in-the-middle (MITM) vulnerability that exists in every version of Kubernetes with the most significant impact on multitenant clusters.