What is CVE-2020-8551?

CVE-2020-8551 is a vulnerability in the Kubelet component of Kubernetes.

What is the severity of CVE-2020-8551?

CVE-2020-8551 has a severity level of 6.5 (medium).

Which versions of Kubernetes are affected by CVE-2020-8551?

Versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 of Kubernetes are affected by CVE-2020-8551.

How can I fix CVE-2020-8551?

To fix CVE-2020-8551, update your Kubernetes version to 1.17.2, 1.16.6, or 1.15.10, depending on the version you are currently using.

Where can I find more information about CVE-2020-8551?

You can find more information about CVE-2020-8551 at the following references: [link1](https://nvd.nist.gov/vuln/detail/CVE-2020-8551), [link2](https://github.com/kubernetes/kubernetes/issues/89377), [link3](https://github.com/kubernetes/kubernetes/pull/87913).

Vulnerability/
CVE-2020-8551

medium

6.5

CWE

770 789

27/3/2020

15/2/2022

4/8/2024

CVE-2020-8551: Kubernetes kubelet denial of service

First published: Fri Mar 27 2020(Updated: )

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

Credit: jordan@liggitt.net jordan@liggitt.net

Affected Software	Affected Version	How to fix
Kubernetes Kubernetes	>=1.15.0<=1.15.9
Kubernetes Kubernetes	>=1.16.0<=1.16.6
Kubernetes Kubernetes	>=1.17.0<=1.17.2
Fedoraproject Fedora	=32

Remedy

https://github.com/kubernetes/kubernetes/issues/89377

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-8551?
CVE-2020-8551 is a vulnerability in the Kubelet component of Kubernetes.
What is the severity of CVE-2020-8551?
CVE-2020-8551 has a severity level of 6.5 (medium).
Which versions of Kubernetes are affected by CVE-2020-8551?
Versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 of Kubernetes are affected by CVE-2020-8551.
How can I fix CVE-2020-8551?
To fix CVE-2020-8551, update your Kubernetes version to 1.17.2, 1.16.6, or 1.15.10, depending on the version you are currently using.
Where can I find more information about CVE-2020-8551?
You can find more information about CVE-2020-8551 at the following references: [link1](https://nvd.nist.gov/vuln/detail/CVE-2020-8551), [link2](https://github.com/kubernetes/kubernetes/issues/89377), [link3](https://github.com/kubernetes/kubernetes/pull/87913).

collector/github-advisory-latest
alias/GHSA-qhm4-jxv7-j9pq
alias/CVE-2020-8551
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/weakness
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/remedy
agent/last-modified-date
agent/title
agent/tags
agent/description
agent/event
agent/first-publish-date
package-manager/go
vendor/kubernetes
canonical/kubernetes kubernetes
version/kubernetes kubernetes/1.15.0
version/kubernetes kubernetes/1.15.9
version/kubernetes kubernetes/1.16.0
version/kubernetes kubernetes/1.16.6
version/kubernetes kubernetes/1.17.0
version/kubernetes kubernetes/1.17.2
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/32