Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability

Yuval Avrahami, posted 5 years ago
  • Kubernetes is an open source container orchestration system. CVE-2020-8554 is a design flaw that allows Kubernetes Services to intercept cluster traffic to any IP address.
  • This vulnerability occurs because a Kubernetes user is able to assign arbitrary IPs to their services. So, by selecting an IP that is already assigned to another endpoint, it is possible to intercept all cluster traffic to that IP.
  • Multi-tenant clusters are the most exposed, because they may have the vulnerable configuration. At the moment, there is no patch for this vulnerability.