What is CVE-2020-8552?

CVE-2020-8552 is a vulnerability in the Kubernetes API server component that allows for a denial of service attack via successful API requests.

What is the severity of CVE-2020-8552?

The severity of CVE-2020-8552 is medium with a CVSS score of 5.3.

Which versions of Kubernetes are affected by CVE-2020-8552?

Kubernetes versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 are affected by CVE-2020-8552.

How can I fix CVE-2020-8552?

To fix CVE-2020-8552, ensure that you are using Kubernetes version 1.15.9, 1.16.0-1.16.6, or 1.17.0-1.17.2.

Where can I find more information about CVE-2020-8552?

You can find more information about CVE-2020-8552 on the CVE website, NIST's vulnerability database, Kubernetes GitHub issues, Google Groups, and Red Hat Bugzilla and Errata.

Vulnerability/
CVE-2020-8552

medium

5.3

CWE

400 770 789

4/2/2020

23/3/2020

27/3/2020

15/2/2022

4/8/2024

CVE-2020-8552: Kubernetes API server denial of service

First published: Tue Feb 04 2020(Updated: )

A denial of service vulnerability was found in the Kubernetes API server. This flaw allows a remote attacker to send repeated, crafted HTTP requests to exhaust available memory and cause a crash.

Credit: jordan@liggitt.net jordan@liggitt.net

Remedy

https://github.com/kubernetes/kubernetes/issues/89378

Remedy

Prevent unauthenticated or unauthorized access to all APIs

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2020-8552?
CVE-2020-8552 is a vulnerability in the Kubernetes API server component that allows for a denial of service attack via successful API requests.
What is the severity of CVE-2020-8552?
The severity of CVE-2020-8552 is medium with a CVSS score of 5.3.
Which versions of Kubernetes are affected by CVE-2020-8552?
Kubernetes versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 are affected by CVE-2020-8552.
How can I fix CVE-2020-8552?
To fix CVE-2020-8552, ensure that you are using Kubernetes version 1.15.9, 1.16.0-1.16.6, or 1.17.0-1.17.2.
Where can I find more information about CVE-2020-8552?
You can find more information about CVE-2020-8552 on the CVE website, NIST's vulnerability database, Kubernetes GitHub issues, Google Groups, and Red Hat Bugzilla and Errata.

collector/github-advisory-latest
alias/GHSA-82hx-w2r5-c2wq
alias/CVE-2020-8552
collector/github-advisory
collector/redhat-cve
collector/nvd-index
collector/nvd-cve
agent/author
agent/type
agent/first-publish-date
agent/softwarecombine
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
agent/severity
agent/remedy
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/title
agent/tags
agent/event
package-manager/go
package-manager/redhat
vendor/kubernetes
canonical/kubernetes kubernetes
version/kubernetes kubernetes/1.15.9
version/kubernetes kubernetes/1.16.0
version/kubernetes kubernetes/1.16.6
version/kubernetes kubernetes/1.17.0
version/kubernetes kubernetes/1.17.2
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/32

CVE-2020-8552: Kubernetes API server denial of service

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is CVE-2020-8552?

What is the severity of CVE-2020-8552?

Which versions of Kubernetes are affected by CVE-2020-8552?

How can I fix CVE-2020-8552?

Where can I find more information about CVE-2020-8552?

Company

Resources

Contact

Affected Software	Affected Version	How to fix
redhat/atomic-enterprise-service-catalog	<1:3.11.219-1.git.1.717017c.el7	1:3.11.219-1.git.1.717017c.el7
redhat/atomic-openshift	<0:3.11.219-1.git.0.0c21387.el7	0:3.11.219-1.git.0.0c21387.el7
redhat/atomic-openshift-cluster-autoscaler	<0:3.11.219-1.git.1.1ad3e34.el7	0:3.11.219-1.git.1.1ad3e34.el7
redhat/atomic-openshift-descheduler	<0:3.11.219-1.git.1.7e5b9ee.el7	0:3.11.219-1.git.1.7e5b9ee.el7
redhat/atomic-openshift-dockerregistry	<0:3.11.219-1.git.1.8323991.el7	0:3.11.219-1.git.1.8323991.el7
redhat/atomic-openshift-metrics-server	<0:3.11.219-1.git.1.6fe54fb.el7	0:3.11.219-1.git.1.6fe54fb.el7
redhat/atomic-openshift-node-problem-detector	<0:3.11.219-1.git.1.5ae8753.el7	0:3.11.219-1.git.1.5ae8753.el7
redhat/atomic-openshift-service-idler	<0:3.11.219-1.git.1.958cdae.el7	0:3.11.219-1.git.1.958cdae.el7
redhat/golang-github-openshift-oauth-proxy	<0:3.11.219-1.git.1.076ae14.el7	0:3.11.219-1.git.1.076ae14.el7
redhat/golang-github-prometheus-alertmanager	<0:3.11.219-1.git.1.9a593f8.el7	0:3.11.219-1.git.1.9a593f8.el7
redhat/golang-github-prometheus-prometheus	<0:3.11.219-1.git.1.3f6e657.el7	0:3.11.219-1.git.1.3f6e657.el7
redhat/openshift-ansible	<0:3.11.219-1.git.0.8845382.el7	0:3.11.219-1.git.0.8845382.el7
redhat/openshift-enterprise-autoheal	<0:3.11.219-1.git.1.c544df9.el7	0:3.11.219-1.git.1.c544df9.el7
redhat/openshift-enterprise-cluster-capacity	<0:3.11.219-1.git.1.ca1ee51.el7	0:3.11.219-1.git.1.ca1ee51.el7
redhat/openshift-kuryr	<0:3.11.219-1.git.1.717d59f.el7	0:3.11.219-1.git.1.717d59f.el7
redhat/atomic-openshift	<0:3.11.248-1.git.0.92ee8ac.el7	0:3.11.248-1.git.0.92ee8ac.el7
redhat/openshift	<0:4.2.29-202004110432.git.0.f7d02c8.el8	0:4.2.29-202004110432.git.0.f7d02c8.el8
redhat/openshift	<0:4.3.9-202003230116.git.0.ebf9a26.el7	0:4.3.9-202003230116.git.0.ebf9a26.el7
Kubernetes Kubernetes	<=1.15.9
Kubernetes Kubernetes	>=1.16.0<=1.16.6
Kubernetes Kubernetes	>=1.17.0<=1.17.2
Fedoraproject Fedora	=32
go/k8s.io/apiserver	>=0.17.0<0.17.3	0.17.3
go/k8s.io/apiserver	>=0.16.0<0.16.7	0.16.7
go/k8s.io/apiserver	<0.15.10	0.15.10