Advisory Database
  • Advisories
  • Dependency Scanning
  1. golang
  2. ›
  3. k8s.io/apiserver
  4. ›
  5. CVE-2020-8552

CVE-2020-8552: Allocation of Resources Without Limits or Throttling

February 15, 2022 (updated June 25, 2025)

The Kubernetes API server component in versions prior to (and including) 0.15.9, 0.16.0-0.16.6, and 0.17.0-0.17.2, has been found to be vulnerable to a denial of service attack via successful API requests.

References

  • github.com/advisories/GHSA-82hx-w2r5-c2wq
  • github.com/kubernetes/kubernetes/commit/5978856c4c7f10737a11c9540fe60b8475beecbb
  • github.com/kubernetes/kubernetes/issues/89378
  • github.com/kubernetes/kubernetes/pull/87669
  • groups.google.com/forum/
  • lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/
  • nvd.nist.gov/vuln/detail/CVE-2020-8552
  • security.netapp.com/advisory/ntap-20200413-0003/

Code Behaviors & Features

Detect and mitigate CVE-2020-8552 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 0.15.10, all versions starting from 0.16.0 before 0.16.7, all versions starting from 0.17.0 before 0.17.3

Fixed versions

  • 0.15.10
  • 0.16.7
  • 0.17.3

Solution

Upgrade to versions 0.15.10, 0.16.7, 0.17.3 or above.

Impact 4.3 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Learn more about CVSS

Weakness

  • CWE-770: Allocation of Resources Without Limits or Throttling

Source file

go/k8s.io/apiserver/CVE-2020-8552.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Thu, 11 Sep 2025 12:18:46 +0000.