The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.001.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fedoraproject Subscribe
Fedora Subscribe
Kubernetes Subscribe
Kubernetes Subscribe
Redhat Subscribe
Openshift Subscribe

Configuration 1 [-]

OR cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat OpenShift Container Platform 3.11
atomic-enterprise-service-catalog-1:3.11.219-1.git.1.717017c.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
atomic-openshift-0:3.11.219-1.git.0.0c21387.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
atomic-openshift-cluster-autoscaler-0:3.11.219-1.git.1.1ad3e34.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
atomic-openshift-descheduler-0:3.11.219-1.git.1.7e5b9ee.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
atomic-openshift-dockerregistry-0:3.11.219-1.git.1.8323991.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
atomic-openshift-metrics-server-0:3.11.219-1.git.1.6fe54fb.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
atomic-openshift-node-problem-detector-0:3.11.219-1.git.1.5ae8753.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
atomic-openshift-service-idler-0:3.11.219-1.git.1.958cdae.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
golang-github-openshift-oauth-proxy-0:3.11.219-1.git.1.076ae14.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
golang-github-prometheus-alertmanager-0:3.11.219-1.git.1.9a593f8.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
golang-github-prometheus-node_exporter-0:3.11.219-1.git.1.7fa9674.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
golang-github-prometheus-prometheus-0:3.11.219-1.git.1.3f6e657.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
openshift-ansible-0:3.11.219-1.git.0.8845382.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
openshift-enterprise-autoheal-0:3.11.219-1.git.1.c544df9.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
openshift-enterprise-cluster-capacity-0:3.11.219-1.git.1.ca1ee51.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
openshift-kuryr-0:3.11.219-1.git.1.717d59f.el7 cpe:/a:redhat:openshift:3.11::el7 RHBA-2020:2215 2020-05-28T00:00:00Z
atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7 cpe:/a:redhat:openshift:3.11::el7 RHSA-2020:2992 2020-07-27T00:00:00Z
Red Hat OpenShift Container Platform 4.2
openshift4/ose-hyperkube:v4.2.29-202004140532 cpe:/a:redhat:openshift:4.2::el7 RHSA-2020:1526 2020-04-22T00:00:00Z
openshift-0:4.2.29-202004110432.git.0.f7d02c8.el8 cpe:/a:redhat:openshift:4.2::el7 RHSA-2020:1527 2020-04-22T00:00:00Z
openshift4/ose-openshift-apiserver-rhel7:v4.2.34-202005252115 cpe:/a:redhat:openshift:4.2::el7 RHSA-2020:2306 2020-06-03T00:00:00Z
Red Hat OpenShift Container Platform 4.3
openshift-0:4.3.9-202003230116.git.0.ebf9a26.el7 cpe:/a:redhat:openshift:4.3::el7 RHBA-2020:0929 2020-04-01T00:00:00Z
openshift4/ose-hyperkube:v4.3.9-202003230345 cpe:/a:redhat:openshift:4.3::el7 RHBA-2020:0930 2020-04-01T00:00:00Z
openshift4/ose-openshift-apiserver-rhel7:v4.3.9-202003230345 cpe:/a:redhat:openshift:4.3::el7 RHSA-2020:0933 2020-04-01T00:00:00Z

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-0898 The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.
Github GHSA Github GHSA GHSA-82hx-w2r5-c2wq Kubernetes API Server DoS Via API Requests
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://github.com/kubernetes/kubernetes/issues/89378 cve-icon cve-icon cve-icon
https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s cve-icon
https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-8552 cve-icon
https://security.netapp.com/advisory/ntap-20200413-0003/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-8552 cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: kubernetes

Published:

Updated: 2024-08-04T10:03:46.260Z

Reserved: 2020-02-03T00:00:00

Link: CVE-2020-8552

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-03-27T15:15:12.757

Modified: 2024-11-21T05:39:01.123

Link: CVE-2020-8552

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-03-23T00:00:00Z

Links: CVE-2020-8552 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses