-
Notifications
You must be signed in to change notification settings - Fork 38.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2020-8552: apiserver DoS (oom) #89378
Labels
area/security
committee/security-response
Denotes an issue or PR intended to be handled by the product security committee.
kind/bug
Categorizes issue or PR as related to a bug.
official-cve-feed
Issues or PRs related to CVEs officially announced by Security Response Committee (SRC)
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
Comments
k8s-ci-robot
added
area/security
committee/security-response
Denotes an issue or PR intended to be handled by the product security committee.
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
labels
Mar 23, 2020
Is it possible to include a link to the PR/commit that fixed this? |
This was fixed by #87669 |
This was fixed by #87673 in v1.17.3 |
/label official-cve-feed (Related to kubernetes/sig-security#1) |
k8s-ci-robot
added
the
official-cve-feed
Issues or PRs related to CVEs officially announced by Security Response Committee (SRC)
label
Dec 2, 2021
This was referenced May 7, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
area/security
committee/security-response
Denotes an issue or PR intended to be handled by the product security committee.
kind/bug
Categorizes issue or PR as related to a bug.
official-cve-feed
Issues or PRs related to CVEs officially announced by Security Response Committee (SRC)
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
CVSS Rating: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (Medium)
The Kubernetes API server has been found to be vulnerable to a denial of service attack via authorized API requests.
Am I vulnerable?
If an attacker that can make an authorized resource request to an unpatched API server (see below), then you are vulnerable to this. Prior to v1.14, this was possible via unauthenticated requests by default.
Affected Versions
How do I mitigate this vulnerability?
Prior to upgrading, this vulnerability can be mitigated by:
Fixed Versions
To upgrade, refer to the documentation: https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster
Acknowledgements
This vulnerability was reported by: Gus Lees (Amazon)
/area security
/kind bug
/committee product-security
/sig api-machinery
The text was updated successfully, but these errors were encountered: