First published: Fri Mar 27 2020
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
Credit: jordan@liggitt.net
Affected Software | Affected Version | How to fix |
---|---|---|
Kubernetes Kubernetes | >=1.15.0, <=1.15.9 | |
Kubernetes Kubernetes | >=1.16.0, <=1.16.6 | |
Kubernetes Kubernetes | >=1.17.0, <=1.17.2 | |
Fedoraproject Fedora | =32 | |
CVE-2020-8551 is a vulnerability in the Kubelet component of Kubernetes.
CVE-2020-8551 has a severity level of 6.5 (medium).
Versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 of Kubernetes are affected by CVE-2020-8551.
To fix CVE-2020-8551, update your Kubernetes version to 1.17.2, 1.16.6, or 1.15.10, depending on the version you are currently using.
You can find more information about CVE-2020-8551 at the following references: [NVD entry](https://nvd.nist.gov/vuln/detail/CVE-2020-8551), [Kubernetes issue #89377](https://github.com/kubernetes/kubernetes/issues/89377), [Kubernetes pull request #87913](https://github.com/kubernetes/kubernetes/pull/87913).