vulnerability

Red Hat OpenShift: CVE-2020-8554: kubernetes: MITM using LoadBalancer or ExternalIPs

Name: Red Hat OpenShift: CVE-2020-8554: kubernetes: MITM using LoadBalancer or ExternalIPs
Creator: Red Hat
Published: 2021-01-21T00:00:00.000Z
Keywords: CVE, CWE-283, Red Hat OpenShift, 2020, 8554, kubernetes, linuxrpm-upgrade-atomic-openshift, Severity 6

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:P)

Published

Jan 21, 2021

Added

Jan 21, 2021

Modified

Aug 11, 2025

Description

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

Solution

linuxrpm-upgrade-atomic-openshift

References

CVE-2020-8554
https://attackerkb.com/topics/CVE-2020-8554
CWE-283
REDHAT-RHSA-2021:0079

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today