[Security Advisory] CVE-2020-8551, CVE-2020-8552: Denial of service (Medium)
343 views
Skip to first unread message
Tim Allclair
Mar 23, 2020, 2:38:07 PM3/23/20
to kubernete...@googlegroups.com, Kubernetes developer/contributor discussion, kubernetes-sec...@googlegroups.com, kubernetes-security-discuss, oss-se...@lists.openwall.com, kubernetes+a...@discoursemail.com
Hello Kubernetes Community,
Two security issues were discovered in Kubernetes that could lead to a recoverable denial of service.
CVE-2020-8551 affects the kubelet, and has been rated Medium (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2020-8552 affects the API server, and has also been rated Medium (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Am I vulnerable?
If an attacker can make an authorized resource request to an unpatched API server (see below), then you may be vulnerable to CVE-2020-8552. If an attacker can make an authorized request to an unpatched kubelet, then you may be vulnerable to CVE-2020-8551.
Affected Versions
CVE-2020-8551 affects:
- kubelet v1.17.0 - v1.17.2
- kubelet v1.16.0 - v1.16.6
- kubelet v1.15.0 - v1.15.10\
- kubelets prior to v1.15.0 are unaffected
CVE-2020-8552 affects:
- kube-apiserver v1.17.0 - v1.17.2
- kube-apiserver v1.16.0 - v1.16.6
- kube-apiserver < v1.15.10
How do I mitigate this vulnerability?
Prior to upgrading, these vulnerabilities can be mitigated by:
- Preventing unauthenticated or unauthorized access to the affected components
- The apiserver and kubelet should auto restart in the event of an OOM error
Fixed Versions
Both vulnerabilities are patched in kubernetes versions
- v1.17.3
- v1.16.7
- v1.15.10
To upgrade, refer to the documentation: https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster
Additional Details
See the GitHub issues for more details:
CVE-2020-8551: https://github.com/kubernetes/kubernetes/issues/89377
CVE-2020-8552: https://github.com/kubernetes/kubernetes/issues/89378
Thank You,
Tim Allclair on behalf of the Kubernetes Product Security Committee
Reply all
Reply to author
Forward
0 new messages