Base Score

MEDIUM4.3

CVE-2020-8552

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

VectorNETWORK

Published Byjordan@liggitt.net

Published DateMar 27, 2020, 15:15

Affected Versions(3)

k8s.io/apiserver(Go)

Introduced0

Fixed0.15.10

LimitN/A

k8s.io/apiserver(Go)

Introduced0.16.0

Fixed0.16.7

LimitN/A

k8s.io/apiserver(Go)

Introduced0.17.0

Fixed0.17.3

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
k8s.io/apiserver(Go)	0	0.15.10	N/A
k8s.io/apiserver(Go)	0.16.0	0.16.7	N/A
k8s.io/apiserver(Go)	0.17.0	0.17.3	N/A

Weakness Type (CWE):CWE-770

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW

References

Base Score

MEDIUM4.3

Weakness Type (CWE):CWE-770

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW