CVE-2020-8552 - Vulnerability Details

Vendors	Products
Fedoraproject	Fedora
Kubernetes	Kubernetes
Redhat	Openshift

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 3.11
atomic-enterprise-service-catalog-1:3.11.219-1.git.1.717017c.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
atomic-openshift-0:3.11.219-1.git.0.0c21387.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
atomic-openshift-cluster-autoscaler-0:3.11.219-1.git.1.1ad3e34.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
atomic-openshift-descheduler-0:3.11.219-1.git.1.7e5b9ee.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
atomic-openshift-dockerregistry-0:3.11.219-1.git.1.8323991.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
atomic-openshift-metrics-server-0:3.11.219-1.git.1.6fe54fb.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
atomic-openshift-node-problem-detector-0:3.11.219-1.git.1.5ae8753.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
atomic-openshift-service-idler-0:3.11.219-1.git.1.958cdae.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
golang-github-openshift-oauth-proxy-0:3.11.219-1.git.1.076ae14.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
golang-github-prometheus-alertmanager-0:3.11.219-1.git.1.9a593f8.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
golang-github-prometheus-node_exporter-0:3.11.219-1.git.1.7fa9674.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
golang-github-prometheus-prometheus-0:3.11.219-1.git.1.3f6e657.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
openshift-ansible-0:3.11.219-1.git.0.8845382.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
openshift-enterprise-autoheal-0:3.11.219-1.git.1.c544df9.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
openshift-enterprise-cluster-capacity-0:3.11.219-1.git.1.ca1ee51.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
openshift-kuryr-0:3.11.219-1.git.1.717d59f.el7	cpe:/a:redhat:openshift:3.11::el7	RHBA-2020:2215	2020-05-28T00:00:00Z
atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7	cpe:/a:redhat:openshift:3.11::el7	RHSA-2020:2992	2020-07-27T00:00:00Z
Red Hat OpenShift Container Platform 4.2
openshift4/ose-hyperkube:v4.2.29-202004140532	cpe:/a:redhat:openshift:4.2::el7	RHSA-2020:1526	2020-04-22T00:00:00Z
openshift-0:4.2.29-202004110432.git.0.f7d02c8.el8	cpe:/a:redhat:openshift:4.2::el7	RHSA-2020:1527	2020-04-22T00:00:00Z
openshift4/ose-openshift-apiserver-rhel7:v4.2.34-202005252115	cpe:/a:redhat:openshift:4.2::el7	RHSA-2020:2306	2020-06-03T00:00:00Z
Red Hat OpenShift Container Platform 4.3
openshift-0:4.3.9-202003230116.git.0.ebf9a26.el7	cpe:/a:redhat:openshift:4.3::el7	RHBA-2020:0929	2020-04-01T00:00:00Z
openshift4/ose-hyperkube:v4.3.9-202003230345	cpe:/a:redhat:openshift:4.3::el7	RHBA-2020:0930	2020-04-01T00:00:00Z
openshift4/ose-openshift-apiserver-rhel7:v4.3.9-202003230345	cpe:/a:redhat:openshift:4.3::el7	RHSA-2020:0933	2020-04-01T00:00:00Z

Link	Providers
https://github.com/kubernetes/kubernetes/issues/89378
https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s
https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/
https://nvd.nist.gov/vuln/detail/CVE-2020-8552
https://security.netapp.com/advisory/ntap-20200413-0003/
https://www.cve.org/CVERecord?id=CVE-2020-8552

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"lessThan": "v1.17.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "v1.16.7", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "v1.15.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Gus Lees (Amazon)"}], "descriptions": [{"lang": "en", "value": "The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-789", "description": "CWE-789 Uncontrolled Memory Allocation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-24T02:06:19", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kubernetes/kubernetes/issues/89378"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200413-0003/"}, {"name": "FEDORA-2020-aeea04cd13", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"}], "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/89378"], "discovery": "EXTERNAL"}, "title": "Kubernetes API server denial of service", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "ID": "CVE-2020-8552", "STATE": "PUBLIC", "TITLE": "Kubernetes API server denial of service"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"version_affected": "<", "version_value": "v1.17.3"}, {"version_affected": "<", "version_value": "v1.16.7"}, {"version_affected": "<", "version_value": "v1.15.10"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Gus Lees (Amazon)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-789 Uncontrolled Memory Allocation"}]}]}, "references": {"reference_data": [{"name": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s", "refsource": "MISC", "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s"}, {"name": "https://github.com/kubernetes/kubernetes/issues/89378", "refsource": "MISC", "url": "https://github.com/kubernetes/kubernetes/issues/89378"}, {"name": "https://security.netapp.com/advisory/ntap-20200413-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200413-0003/"}, {"name": "FEDORA-2020-aeea04cd13", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"}]}, "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/89378"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:03:46.260Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kubernetes/kubernetes/issues/89378"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200413-0003/"}, {"name": "FEDORA-2020-aeea04cd13", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"}]}]}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2020-8552", "datePublished": "2020-03-27T14:25:15", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2024-08-04T10:03:46.260Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Kubernetes (string)

vendor : Kubernetes (string)

versions : [ »

0 : { »

lessThan : v1.17.3 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

1 : { »

lessThan : v1.16.7 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

2 : { »

lessThan : v1.15.10 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : Gus Lees (Amazon) (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-789 (string)

description : CWE-789 Uncontrolled Memory Allocation (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-07-24T02:06:19 (string)

orgId : a6081bf6-c852-4425-ad4f-a67919267565 (string)

shortName : kubernetes (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/kubernetes/kubernetes/issues/89378 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://security.netapp.com/advisory/ntap-20200413-0003/ (string)

}

3 : { »

name : FEDORA-2020-aeea04cd13 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/ (string)

}

]

source : { »

defect : [ »

0 : https://github.com/kubernetes/kubernetes/issues/89378 (string)

]

discovery : EXTERNAL (string)

}

title : Kubernetes API server denial of service (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@kubernetes.io (string)

ID : CVE-2020-8552 (string)

STATE : PUBLIC (string)

TITLE : Kubernetes API server denial of service (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Kubernetes (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : v1.17.3 (string)

}

1 : { »

version_affected : < (string)

version_value : v1.16.7 (string)

}

2 : { »

version_affected : < (string)

version_value : v1.15.10 (string)

}

]

}

]

}

vendor_name : Kubernetes (string)

}

]

}

credit : [ »

0 : { »

lang : eng (string)

value : Gus Lees (Amazon) (string)

}

]

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-789 Uncontrolled Memory Allocation (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s (string)

refsource : MISC (string)

url : https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s (string)

}

1 : { »

name : https://github.com/kubernetes/kubernetes/issues/89378 (string)

refsource : MISC (string)

url : https://github.com/kubernetes/kubernetes/issues/89378 (string)

}

2 : { »

name : https://security.netapp.com/advisory/ntap-20200413-0003/ (string)

refsource : CONFIRM (string)

url : https://security.netapp.com/advisory/ntap-20200413-0003/ (string)

}

3 : { »

name : FEDORA-2020-aeea04cd13 (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/ (string)

}

]

}

source : { »

defect : [ »

0 : https://github.com/kubernetes/kubernetes/issues/89378 (string)

]

discovery : EXTERNAL (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T10:03:46.260Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/kubernetes/kubernetes/issues/89378 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://security.netapp.com/advisory/ntap-20200413-0003/ (string)

}

3 : { »

name : FEDORA-2020-aeea04cd13 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : a6081bf6-c852-4425-ad4f-a67919267565 (string)

assignerShortName : kubernetes (string)

cveId : CVE-2020-8552 (string)

datePublished : 2020-03-27T14:25:15 (string)

dateReserved : 2020-02-03T00:00:00 (string)

dateUpdated : 2024-08-04T10:03:46.260Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "07761E41-21F4-466F-A602-4DC9BD1257CE", "versionEndIncluding": "1.15.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "02C07F21-ECB7-4BD2-85AF-C2BB24F175FF", "versionEndIncluding": "1.16.6", "versionStartIncluding": "1.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE0FF258-1EFA-4FF0-84C7-B2976BD70BD3", "versionEndIncluding": "1.17.2", "versionStartIncluding": "1.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests."}, {"lang": "es", "value": "Se detect\u00f3 que el componente servidor de la API Kubernetes en versiones anteriores a 1.15.9, versiones 1.16.0-1.16.6 y versiones 1.17.0-1.17.2, es vulnerable a un ataque de denegaci\u00f3n de servicio versiones por medio de unas peticiones de la API con \u00e9xito."}], "id": "CVE-2020-8552", "lastModified": "2024-11-21T05:39:01.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "jordan@liggitt.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-27T15:15:12.757", "references": [{"source": "jordan@liggitt.net", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/89378"}, {"source": "jordan@liggitt.net", "url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"}, {"source": "jordan@liggitt.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200413-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/89378"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200413-0003/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "jordan@liggitt.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 07761E41-21F4-466F-A602-4DC9BD1257CE (string)

versionEndIncluding : 1.15.9 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 02C07F21-ECB7-4BD2-85AF-C2BB24F175FF (string)

versionEndIncluding : 1.16.6 (string)

versionStartIncluding : 1.16.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DE0FF258-1EFA-4FF0-84C7-B2976BD70BD3 (string)

versionEndIncluding : 1.17.2 (string)

versionStartIncluding : 1.17.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* (string)

matchCriteriaId : 36D96259-24BD-44E2-96D9-78CE1D41F956 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. (string)

}

1 : { »

lang : es (string)

value : Se detectó que el componente servidor de la API Kubernetes en versiones anteriores a 1.15.9, versiones 1.16.0-1.16.6 y versiones 1.17.0-1.17.2, es vulnerable a un ataque de denegación de servicio versiones por medio de unas peticiones de la API con éxito. (string)

}

]

id : CVE-2020-8552 (string)

lastModified : 2024-11-21T05:39:01.123 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 1.4 (number)

source : jordan@liggitt.net (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-03-27T15:15:12.757 (string)

references : [ »

0 : { »

source : jordan@liggitt.net (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://github.com/kubernetes/kubernetes/issues/89378 (string)

}

1 : { »

source : jordan@liggitt.net (string)

url : https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s (string)

}

2 : { »

source : jordan@liggitt.net (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/ (string)

}

3 : { »

source : jordan@liggitt.net (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.netapp.com/advisory/ntap-20200413-0003/ (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://github.com/kubernetes/kubernetes/issues/89378 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/ (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.netapp.com/advisory/ntap-20200413-0003/ (string)

}

]

sourceIdentifier : jordan@liggitt.net (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-789 (string)

}

]

source : jordan@liggitt.net (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-770 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Gus Lees (Amazon) as the original reporter.", "affected_release": [{"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-enterprise-service-catalog-1:3.11.219-1.git.1.717017c.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-0:3.11.219-1.git.0.0c21387.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-cluster-autoscaler-0:3.11.219-1.git.1.1ad3e34.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-descheduler-0:3.11.219-1.git.1.7e5b9ee.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-dockerregistry-0:3.11.219-1.git.1.8323991.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-metrics-server-0:3.11.219-1.git.1.6fe54fb.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-node-problem-detector-0:3.11.219-1.git.1.5ae8753.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-service-idler-0:3.11.219-1.git.1.958cdae.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-openshift-oauth-proxy-0:3.11.219-1.git.1.076ae14.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-alertmanager-0:3.11.219-1.git.1.9a593f8.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-node_exporter-0:3.11.219-1.git.1.7fa9674.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "golang-github-prometheus-prometheus-0:3.11.219-1.git.1.3f6e657.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-ansible-0:3.11.219-1.git.0.8845382.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-enterprise-autoheal-0:3.11.219-1.git.1.c544df9.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-enterprise-cluster-capacity-0:3.11.219-1.git.1.ca1ee51.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHBA-2020:2215", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift-kuryr-0:3.11.219-1.git.1.717d59f.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-05-28T00:00:00Z"}, {"advisory": "RHSA-2020:2992", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-07-27T00:00:00Z"}, {"advisory": "RHSA-2020:1526", "cpe": "cpe:/a:redhat:openshift:4.2::el7", "package": "openshift4/ose-hyperkube:v4.2.29-202004140532", "product_name": "Red Hat OpenShift Container Platform 4.2", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHSA-2020:1527", "cpe": "cpe:/a:redhat:openshift:4.2::el7", "package": "openshift-0:4.2.29-202004110432.git.0.f7d02c8.el8", "product_name": "Red Hat OpenShift Container Platform 4.2", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHSA-2020:2306", "cpe": "cpe:/a:redhat:openshift:4.2::el7", "package": "openshift4/ose-openshift-apiserver-rhel7:v4.2.34-202005252115", "product_name": "Red Hat OpenShift Container Platform 4.2", "release_date": "2020-06-03T00:00:00Z"}, {"advisory": "RHBA-2020:0929", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-0:4.3.9-202003230116.git.0.ebf9a26.el7", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-04-01T00:00:00Z"}, {"advisory": "RHBA-2020:0930", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift4/ose-hyperkube:v4.3.9-202003230345", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-04-01T00:00:00Z"}, {"advisory": "RHSA-2020:0933", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift4/ose-openshift-apiserver-rhel7:v4.3.9-202003230345", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-04-01T00:00:00Z"}], "bugzilla": {"description": "kubernetes: Use of unbounded 'client' label in apiserver_request_total allows for memory exhaustion", "id": "1797909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797909"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-400", "details": ["The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.", "A denial of service vulnerability was found in the Kubernetes API server. This flaw allows a remote attacker to send repeated, crafted HTTP requests to exhaust available memory and cause a crash."], "mitigation": {"lang": "en:us", "value": "Prevent unauthenticated or unauthorized access to all APIs"}, "name": "CVE-2020-8552", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-hypershift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-service-catalog", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "heketi", "product_name": "Red Hat Storage 3"}], "public_date": "2020-03-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-8552\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8552\nhttps://github.com/kubernetes/kubernetes/issues/89378\nhttps://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s"], "threat_severity": "Moderate"}

{

acknowledgement : Red Hat would like to thank Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Gus Lees (Amazon) as the original reporter. (string)

affected_release : [ »

0 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : atomic-enterprise-service-catalog-1:3.11.219-1.git.1.717017c.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

1 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : atomic-openshift-0:3.11.219-1.git.0.0c21387.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

2 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : atomic-openshift-cluster-autoscaler-0:3.11.219-1.git.1.1ad3e34.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

3 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : atomic-openshift-descheduler-0:3.11.219-1.git.1.7e5b9ee.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

4 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : atomic-openshift-dockerregistry-0:3.11.219-1.git.1.8323991.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

5 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : atomic-openshift-metrics-server-0:3.11.219-1.git.1.6fe54fb.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

6 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : atomic-openshift-node-problem-detector-0:3.11.219-1.git.1.5ae8753.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

7 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : atomic-openshift-service-idler-0:3.11.219-1.git.1.958cdae.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

8 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : golang-github-openshift-oauth-proxy-0:3.11.219-1.git.1.076ae14.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

9 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : golang-github-prometheus-alertmanager-0:3.11.219-1.git.1.9a593f8.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

10 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : golang-github-prometheus-node_exporter-0:3.11.219-1.git.1.7fa9674.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

11 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : golang-github-prometheus-prometheus-0:3.11.219-1.git.1.3f6e657.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

12 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : openshift-ansible-0:3.11.219-1.git.0.8845382.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

13 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : openshift-enterprise-autoheal-0:3.11.219-1.git.1.c544df9.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

14 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : openshift-enterprise-cluster-capacity-0:3.11.219-1.git.1.ca1ee51.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

15 : { »

advisory : RHBA-2020:2215 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : openshift-kuryr-0:3.11.219-1.git.1.717d59f.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-05-28T00:00:00Z (string)

}

16 : { »

advisory : RHSA-2020:2992 (string)

cpe : cpe:/a:redhat:openshift:3.11::el7 (string)

package : atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7 (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

release_date : 2020-07-27T00:00:00Z (string)

}

17 : { »

advisory : RHSA-2020:1526 (string)

cpe : cpe:/a:redhat:openshift:4.2::el7 (string)

package : openshift4/ose-hyperkube:v4.2.29-202004140532 (string)

product_name : Red Hat OpenShift Container Platform 4.2 (string)

release_date : 2020-04-22T00:00:00Z (string)

}

18 : { »

advisory : RHSA-2020:1527 (string)

cpe : cpe:/a:redhat:openshift:4.2::el7 (string)

package : openshift-0:4.2.29-202004110432.git.0.f7d02c8.el8 (string)

product_name : Red Hat OpenShift Container Platform 4.2 (string)

release_date : 2020-04-22T00:00:00Z (string)

}

19 : { »

advisory : RHSA-2020:2306 (string)

cpe : cpe:/a:redhat:openshift:4.2::el7 (string)

package : openshift4/ose-openshift-apiserver-rhel7:v4.2.34-202005252115 (string)

product_name : Red Hat OpenShift Container Platform 4.2 (string)

release_date : 2020-06-03T00:00:00Z (string)

}

20 : { »

advisory : RHBA-2020:0929 (string)

cpe : cpe:/a:redhat:openshift:4.3::el7 (string)

package : openshift-0:4.3.9-202003230116.git.0.ebf9a26.el7 (string)

product_name : Red Hat OpenShift Container Platform 4.3 (string)

release_date : 2020-04-01T00:00:00Z (string)

}

21 : { »

advisory : RHBA-2020:0930 (string)

cpe : cpe:/a:redhat:openshift:4.3::el7 (string)

package : openshift4/ose-hyperkube:v4.3.9-202003230345 (string)

product_name : Red Hat OpenShift Container Platform 4.3 (string)

release_date : 2020-04-01T00:00:00Z (string)

}

22 : { »

advisory : RHSA-2020:0933 (string)

cpe : cpe:/a:redhat:openshift:4.3::el7 (string)

package : openshift4/ose-openshift-apiserver-rhel7:v4.3.9-202003230345 (string)

product_name : Red Hat OpenShift Container Platform 4.3 (string)

release_date : 2020-04-01T00:00:00Z (string)

}

]

bugzilla : { »

description : kubernetes: Use of unbounded 'client' label in apiserver_request_total allows for memory exhaustion (string)

id : 1797909 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1797909 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 4.3 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L (string)

status : verified (string)

}

cwe : CWE-400 (string)

details : [ »

0 : The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. (string)

1 : A denial of service vulnerability was found in the Kubernetes API server. This flaw allows a remote attacker to send repeated, crafted HTTP requests to exhaust available memory and cause a crash. (string)

]

mitigation : { »

lang : en:us (string)

value : Prevent unauthenticated or unauthorized access to all APIs (string)

}

name : CVE-2020-8552 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Will not fix (string)

package_name : openshift4/ose-hypershift (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

1 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Will not fix (string)

package_name : openshift4/ose-service-catalog (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

2 : { »

cpe : cpe:/a:redhat:storage:3 (string)

fix_state : Not affected (string)

package_name : heketi (string)

product_name : Red Hat Storage 3 (string)

}

]

public_date : 2020-03-23T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2020-8552 https://nvd.nist.gov/vuln/detail/CVE-2020-8552 https://github.com/kubernetes/kubernetes/issues/89378 https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object