CVE-2020-8552: apiserver DoS (oom) #89378
Labels
area/security
committee/security-response
Denotes an issue or PR intended to be handled by the product security committee.
kind/bug
Categorizes issue or PR as related to a bug.
official-cve-feed
Issues or PRs related to CVEs officially announced by Security Response Committee (SRC)
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
CVSS Rating: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (Medium)
The Kubernetes API server has been found to be vulnerable to a denial of service attack via authorized API requests.
Am I vulnerable?
If an attacker that can make an authorized resource request to an unpatched API server (see below), then you are vulnerable to this. Prior to v1.14, this was possible via unauthenticated requests by default.
Affected Versions
How do I mitigate this vulnerability?
Prior to upgrading, this vulnerability can be mitigated by:
Fixed Versions
To upgrade, refer to the documentation: https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster
Acknowledgements
This vulnerability was reported by: Gus Lees (Amazon)
/area security
/kind bug
/committee product-security
/sig api-machinery
The text was updated successfully, but these errors were encountered: