{"id":"GHSA-82hx-w2r5-c2wq","summary":"Kubernetes API Server DoS Via API Requests","details":"The Kubernetes API server component in Kubernetes versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.","aliases":["CVE-2020-8552"],"modified":"2026-02-04T04:14:04.012553Z","published":"2022-02-15T01:57:18Z","related":["CGA-5hwq-fqv8-3gwc"],"database_specific":{"severity":"MODERATE","nvd_published_at":"2020-03-27T15:15:00Z","github_reviewed_at":"2021-05-06T21:48:16Z","github_reviewed":true,"cwe_ids":["CWE-400","CWE-770","CWE-789"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8552"},{"type":"WEB","url":"https://github.com/kubernetes/kubernetes/issues/89378"},{"type":"WEB","url":"https://github.com/kubernetes/kubernetes/pull/87669"},{"type":"WEB","url":"https://github.com/kubernetes/kubernetes/commit/5978856c4c7f10737a11c9540fe60b8475beecbb"},{"type":"WEB","url":"https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20200413-0003"}],"affected":[{"package":{"name":"k8s.io/apiserver","ecosystem":"Go","purl":"pkg:golang/k8s.io/apiserver"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.15.10"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-82hx-w2r5-c2wq/GHSA-82hx-w2r5-c2wq.json"}},{"package":{"name":"k8s.io/apiserver","ecosystem":"Go","purl":"pkg:golang/k8s.io/apiserver"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.16.0"},{"fixed":"0.16.7"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-82hx-w2r5-c2wq/GHSA-82hx-w2r5-c2wq.json"}},{"package":{"name":"k8s.io/apiserver","ecosystem":"Go","purl":"pkg:golang/k8s.io/apiserver"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.17.0"},{"fixed":"0.17.3"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-82hx-w2r5-c2wq/GHSA-82hx-w2r5-c2wq.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}