Kubernetes Product Security Committee issues advice on how to block attackers from exploiting a vulnerability. The medium severity security issue is being tracked as CVE-2020-8554 and it was reported by Etienne Champetier of Anevia. It can be exploited remotely by attackers with basic tenant permissions (such as creating or editing services and pods) without user interaction as part of low complexity attacks. The vulnerability should only affect a small number of deployments given that External IP services are not extensively used in multi-tenant clusters.
Source: https://www.bleepingcomputer.com/news/security/all-kubernetes-versions-affected-by-unpatched-mitm-vulnerability/