All versions of Kubernetes found to be at risk of attack



An unpatched man-in-the-middle (MiTM) vulnerability has been discovered which affects all versions of Kubernetes and can be exploited remotely by attackers.

The medium severity vulnerability, discovered by Anevia’s Etienne Champetier last year and tracked as CVE-2020-8554, enables an attacker with the ability to create or edit services and pods to intercept traffic from other pods (or nodes) without user interaction.


Source link