CVE-2020-8551: Kubelet DoS via API #89377
Labels: area/kubelet, area/security, committee/security-response, kind/bug, official-cve-feed, sig/node
CVSS Rating: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (Medium)
The Kubelet has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
Am I vulnerable?
If an attacker can make a request to an unpatched kubelet, you may be vulnerable.
Affected Versions
How do I mitigate this vulnerability?
Limit access to the Kubelet API or patch the Kubelet.
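The mitigation above is stated in one line; the following is an added audit example (not part of the advisory or of Kubernetes itself) that checks a kubelet configuration file for the settings that widen exposure of the API this CVE targets: a non-zero `readOnlyPort` (the unauthenticated API on 10255), anonymous authentication on the HTTPS API, and `AlwaysAllow` authorization. The field names are those of the `kubelet.config.k8s.io/v1beta1` KubeletConfiguration; the defaults applied for omitted fields and both sample configurations are assumptions constructed for this example and should be confirmed against the kubelet version in use.

```python
import json

# Assumed defaults of the KubeletConfiguration file API when a field is omitted
# (constructed for this example; confirm against your kubelet version).
DEFAULT_READ_ONLY_PORT = 0
DEFAULT_ANONYMOUS_ENABLED = False
DEFAULT_AUTHZ_MODE = "Webhook"


def audit_kubelet_config(config: dict) -> list:
    """Return findings that increase the reachable surface of the kubelet API.

    An empty list means none of the three weak settings are present.
    """
    findings = []

    # 1. Read-only port: any non-zero value serves the unauthenticated HTTP API.
    ro_port = config.get("readOnlyPort", DEFAULT_READ_ONLY_PORT)
    if ro_port:
        findings.append(
            f"readOnlyPort={ro_port}: unauthenticated read-only API is served"
        )

    # 2. Anonymous auth: unauthenticated callers can reach the HTTPS API.
    auth = config.get("authentication", {})
    anon = auth.get("anonymous", {}).get("enabled", DEFAULT_ANONYMOUS_ENABLED)
    if anon:
        findings.append(
            "authentication.anonymous.enabled=true: unauthenticated requests "
            "reach the HTTPS API"
        )

    # 3. Authorization: AlwaysAllow skips the SubjectAccessReview check.
    authz_mode = config.get("authorization", {}).get("mode", DEFAULT_AUTHZ_MODE)
    if authz_mode == "AlwaysAllow":
        findings.append(
            "authorization.mode=AlwaysAllow: every authenticated caller is permitted"
        )

    return findings


# Constructed sample: a configuration with all three weak settings.
WEAK_CONFIG = json.loads("""
{
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "kind": "KubeletConfiguration",
  "readOnlyPort": 10255,
  "authentication": {"anonymous": {"enabled": true}},
  "authorization": {"mode": "AlwaysAllow"}
}
""")

# Constructed sample: read-only port disabled, anonymous auth off,
# webhook authentication and authorization via the API server.
HARDENED_CONFIG = json.loads("""
{
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "kind": "KubeletConfiguration",
  "readOnlyPort": 0,
  "authentication": {
    "anonymous": {"enabled": false},
    "webhook": {"enabled": true}
  },
  "authorization": {"mode": "Webhook"}
}
""")


def audit_file(path: str) -> list:
    """Audit a KubeletConfiguration stored as JSON on disk."""
    with open(path, "r", encoding="utf-8") as fh:
        return audit_kubelet_config(json.load(fh))


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_kubelet_config(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for line in result:
            print("  -", line)
```

Tightening these settings reduces who can reach the kubelet API but does not by itself fix the flaw; a caller that is still authorized (or any caller on the read-only port while it remains open) can trigger the denial of service until the kubelet is upgraded, so the audit complements the patch rather than replacing it.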
Fixed Versions
To upgrade, refer to the documentation: https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster
Acknowledgements
This vulnerability was reported by: Henrik Schmidt
/area security
/kind bug
/committee product-security
/sig node
/area kubelet