CVE-2020-8552

Published: 23 Mar 2020
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

A denial of service vulnerability was found in the Kubernetes API server. This flaw allows a remote attacker to send repeated, crafted HTTP requests to exhaust available memory and cause a crash.

Mitigation

Prevent unauthenticated or unauthorized access to all APIs

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-hypershift | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-service-catalog | Will not fix | | |
| Red Hat Storage 3 | heketi | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | atomic-enterprise-service-catalog | Fixed | RHBA-2020:2215 | 28.05.2020 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Fixed | RHBA-2020:2215 | 28.05.2020 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-cluster-autoscaler | Fixed | RHBA-2020:2215 | 28.05.2020 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-descheduler | Fixed | RHBA-2020:2215 | 28.05.2020 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-dockerregistry | Fixed | RHBA-2020:2215 | 28.05.2020 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-metrics-server | Fixed | RHBA-2020:2215 | 28.05.2020 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-node-problem-detector | Fixed | RHBA-2020:2215 | 28.05.2020 |

Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1797909
kubernetes: Use of unbounded 'client' label in apiserver_request_total allows for memory exhaustion

EPSS

Percentile: 38%
0.00161
Low

4.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 5 years ago

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

CVSS3: 5.3
nvd
about 5 years ago

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

CVSS3: 5.3
debian
about 5 years ago

The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...

CVSS3: 5.3
github
more than 3 years ago

Kubernetes API Server DoS Via API Requests
