CVE-2020-8552

Aliases:GHSA-82hx-w2r5-c2wq
Advisory lineage Upstream: 0 Downstream: 6
Modified
Published: 27 Mar 2020, 14:25
Last modified:04 Aug 2024, 10:03

Vulnerability Summary

Overall Risk (default)
low
21/100
CVSS Score
5.3 MEDIUM
v3.1 (cve.org)
EPSS Score
0.07% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

27 Mar 2020, 14:25
Published
Vulnerability first disclosed
04 Aug 2024, 10:03
Last Modified
Vulnerability information updated

Description

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

CVSS Metrics

  • v3.1MEDIUMScore: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • v3.1MEDIUMScore: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • v2.0MEDIUMScore: 4AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.07% Percentile: 23%

Techniques & Countermeasures

  • CWE-770Allocation of Resources Without Limits or Throttling

    The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

  • CWE-789Memory Allocation with Excessive Size Value

    The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Affected Systems

  • fedoraprojectfedora

    32

  • k8s.ioapiserver

    < 0.15.10 | ≥ 0.16.0, < 0.16.7 | ≥ 0.17.0, < 0.17.3

  • kuberneteskubernetes

    ≤ 1.15.9 | ≥ 1.16.0, ≤ 1.16.6 | ≥ 1.17.0, ≤ 1.17.2 | ≥ unspecified, < v1.17.3 | ≥ unspecified, < v1.16.7 | ≥ unspecified, < v1.15.10

References (10)