Vulnerability CVE-2020-8552

Vulnerability CVE-2020-8552

Published: 2020-03-27

Description:

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

Type:

CWE-770

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	None	Partial

Affected software
Kubernetes -> Kubernetes

References:

https://github.com/kubernetes/kubernetes/issues/89378

https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s

Copyright 2024, cxsecurity.com