{ "threat_severity" : "Moderate", "public_date" : "2020-03-23T00:00:00Z", "bugzilla" : { "description" : "kubernetes: Use of unbounded 'client' label in apiserver_request_total allows for memory exhaustion", "id" : "1797909", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1797909" }, "cvss3" : { "cvss3_base_score" : "4.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.", "A denial of service vulnerability was found in the Kubernetes API server. This flaw allows a remote attacker to send repeated, crafted HTTP requests to exhaust available memory and cause a crash." ], "acknowledgement" : "Red Hat would like to thank Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Gus Lees (Amazon) as the original reporter.", "affected_release" : [ { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "atomic-enterprise-service-catalog-1:3.11.219-1.git.1.717017c.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "atomic-openshift-0:3.11.219-1.git.0.0c21387.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "atomic-openshift-cluster-autoscaler-0:3.11.219-1.git.1.1ad3e34.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "atomic-openshift-descheduler-0:3.11.219-1.git.1.7e5b9ee.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "atomic-openshift-dockerregistry-0:3.11.219-1.git.1.8323991.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "atomic-openshift-metrics-server-0:3.11.219-1.git.1.6fe54fb.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "atomic-openshift-node-problem-detector-0:3.11.219-1.git.1.5ae8753.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "atomic-openshift-service-idler-0:3.11.219-1.git.1.958cdae.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "golang-github-openshift-oauth-proxy-0:3.11.219-1.git.1.076ae14.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "golang-github-prometheus-alertmanager-0:3.11.219-1.git.1.9a593f8.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "golang-github-prometheus-node_exporter-0:3.11.219-1.git.1.7fa9674.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "golang-github-prometheus-prometheus-0:3.11.219-1.git.1.3f6e657.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "openshift-ansible-0:3.11.219-1.git.0.8845382.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "openshift-enterprise-autoheal-0:3.11.219-1.git.1.c544df9.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "openshift-enterprise-cluster-capacity-0:3.11.219-1.git.1.ca1ee51.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-05-28T00:00:00Z", "advisory" : "RHBA-2020:2215", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "openshift-kuryr-0:3.11.219-1.git.1.717d59f.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "release_date" : "2020-07-27T00:00:00Z", "advisory" : "RHSA-2020:2992", "cpe" : "cpe:/a:redhat:openshift:3.11::el7", "package" : "atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-22T00:00:00Z", "advisory" : "RHSA-2020:1526", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-hyperkube:v4.2.29-202004140532" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-22T00:00:00Z", "advisory" : "RHSA-2020:1527", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift-0:4.2.29-202004110432.git.0.f7d02c8.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-06-03T00:00:00Z", "advisory" : "RHSA-2020:2306", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-openshift-apiserver-rhel7:v4.2.34-202005252115" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-04-01T00:00:00Z", "advisory" : "RHBA-2020:0929", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "openshift-0:4.3.9-202003230116.git.0.ebf9a26.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-04-01T00:00:00Z", "advisory" : "RHBA-2020:0930", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "openshift4/ose-hyperkube:v4.3.9-202003230345" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-04-01T00:00:00Z", "advisory" : "RHSA-2020:0933", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "openshift4/ose-openshift-apiserver-rhel7:v4.3.9-202003230345" } ], "package_state" : [ { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-hypershift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-service-catalog", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Not affected", "package_name" : "heketi", "cpe" : "cpe:/a:redhat:storage:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-8552\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8552\nhttps://github.com/kubernetes/kubernetes/issues/89378\nhttps://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s" ], "name" : "CVE-2020-8552", "mitigation" : { "value" : "Prevent unauthenticated or unauthorized access to all APIs", "lang" : "en:us" }, "csaw" : false }