Unfixable Kubernetes Security Hole Means Potential Man-in-the-Middle Attacks

8 December 2020

if a hostile user can create a ClusterIP service and set the spec.externalIPs field, they can intercept traffic to that IP. In addition, if a user can patch the status of a LoadBalancer service, they can also grab traffic. Now, the latter is a privileged operation and Joe and Jane User shouldn’t have that right, but, in practice, mistakes are made and it happens.

Read full article on The New Stack

Date:

8 December 2020

Categorie(s):

NEWS

Tag(s):

Attacks, Hole, IT, Potential, Tutorials

London Drugs pharmacy closes all stores to respond to cyber incident30 April 2024
Health care giant comes clean about recent hack and paid ransom30 April 2024
FCC Fines Verizon, T-Mobile and AT&T $200 Million for Sharing Customer Location Data – CNET30 April 2024
Network security startup Corelight reels in $150M30 April 2024
How AI can benefit zero trust30 April 2024