Free Trial

Kubelet component in versions 1.15.0-1.15.9

Overview :
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

CVE-2020-8551
wo security issues were discovered in Kubernetes that could lead to a recoverable denial of service.

CVE-2020-8551 affects the kubelet, and has been rated Medium (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2020-8552 affects the API server, and has also been rated Medium (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Am I vulnerable?

If an attacker can make an authorized resource request to an unpatched API server (see below), then you may be vulnerable to CVE-2020-8552. If an attacker can make an authorized request to an unpatched kubelet, then you may be vulnerable to CVE-2020-8551.

Affected Versions

CVE-2020-8551 affects:
  • kubelet v1.17.0 – v1.17.2
  • kubelet v1.16.0 – v1.16.6
  • kubelet v1.15.0 – v1.15.10\
  • kubelets prior to v1.15.0 are unaffected
CVE-2020-8552 affects:
  • kube-apiserver v1.17.0 – v1.17.2
  • kube-apiserver v1.16.0 – v1.16.6
  • kube-apiserver < v1.15.10

How do I mitigate this vulnerability?

Prior to upgrading, these vulnerabilities can be mitigated by:

  • Preventing unauthenticated or unauthorized access to the affected components
  • The apiserver and kubelet should auto restart in the event of an OOM error

Fixed Versions

Both vulnerabilities are patched in kubernetes versions
  • v1.17.3
  • v1.16.7
  • v1.15.10

Additional Details

See the GitHub issues for more details:

CVE-2020-8551: https://github.com/kubernetes/kubernetes/issues/89377
CVE-2020-8552: https://github.com/kubernetes/kubernetes/issues/89378

References

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-53144 : LINUX KERNEL UP TO 6.1.112/6.6.54/6.10.13/6.11.2 HCI_EVENT PRIVILEGE ESCALATION

CVE-2024-53144 : LINUX KERNEL UP TO 6.1.112/6.6.54/6.10.13/6.11.2 HCI_EVENT PRIVILEGE ESCALATION

Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This

Learn more
CVE-2024-50379 : APACHE TOMCAT UP TO 9.0.97/10.1.33/11.0.1 JSP COMPILATION TOCTOU

CVE-2024-50379 : APACHE TOMCAT UP TO 9.0.97/10.1.33/11.0.1 JSP COMPILATION TOCTOU

Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file

Learn more
CVE-2024-10205 : HITACHI OPS CENTER ANALYZER ON LINUX 64-BIT MISSING AUTHENTICATION

CVE-2024-10205 : HITACHI OPS CENTER ANALYZER ON LINUX 64-BIT MISSING AUTHENTICATION

Description Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component),

Learn more