CVE-2020-8551
go/github.com/kubernetes/kubelet
Allocation of Resources Without Limits or Throttling
The Kubelet component has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port, and the authenticated HTTPS API typically served on port
All versions starting from 1.15.0 up to 1.15.9, all versions starting from 1.16.0 up to 1.16.6, all versions starting from 1.17.0 up to 1.17.2
Unfortunately, there is no solution available yet.
2020-08-04
source |