|wo security issues were discovered in Kubernetes that could lead to a recoverable denial of service.
CVE-2020-8551 affects the kubelet, and has been rated Medium (CVSS:3.0/AV:A/
CVE-2020-8552 affects the API server, and has also been rated Medium (CVSS:3.0/AV:N/AC:L/PR:
Am I vulnerable?
If an attacker can make an authorized resource request to an unpatched API server (see below), then you may be vulnerable to CVE-2020-8552. If an attacker can make an authorized request to an unpatched kubelet, then you may be vulnerable to CVE-2020-8551.
How do I mitigate this vulnerability?
Prior to upgrading, these vulnerabilities can be mitigated by:
Both vulnerabilities are patched in kubernetes versions
To upgrade, refer to the documentation: https://
See the GitHub issues for more details: