CVE-2020-8554

This repository contains CI/CD pipelines, Docker configurations, and Kubernetes deployment manifests for the Rancher ExternalIP Webhook project but lacks any exploit code or technical details related to CVE-2020-8554.

This repository provides Policy Controller configurations to mitigate CVE-2020-8554 by restricting Kubernetes Services from using unauthorized external IPs. It includes templates and constraints for both allowlisting specific IPs and blocking CIDR ranges.

This repository provides mitigation guidance and Prisma Cloud Compute Admission rules for CVE-2020-8554, a Kubernetes design flaw allowing Man-in-The-Middle attacks via service IP interception. It includes technical details about the vulnerability but does not contain exploit code.

This repository provides a technical mitigation strategy for CVE-2020-8554 using Anthos Config Management's Policy Management to prevent the creation of public IP addresses in Kubernetes services. It includes constraint templates and validation scripts to enforce policies against LoadBalancer service types.

This repository provides a Gatekeeper constraint template to mitigate CVE-2020-8554, which involves Kubernetes Services with externalIPs. It includes a ConstraintTemplate and a constraint to restrict externalIPs except for those in an allowlist.

This repository contains a functional proof-of-concept exploit for CVE-2020-8554, which allows an attacker to bypass Kubernetes service validation by manipulating the `externalIPs` field in a LoadBalancer service. The exploit demonstrates how an attacker can assign arbitrary external IPs to a service, potentially leading to traffic interception or man-in-the-middle attacks.