Bugzilla – Bug 1167509
VUL-0: CVE-2020-8551: kubernetes: crafted requests to kubelet API allow for memory exhaustion
Last modified: 2020-07-22 13:07:26 UTC
The Kubelet has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
CaaSP4 ships the 1.17.4 which is already fixed. Versions prior 1.15 are not affected. Closing