← Zuruck zu CVEs
CVE-2022-31074
MEDIUM4.5
Beschreibung
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. The consequence of the exhaustion is that the Cloud AdmissionController will be in denial of service. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround.
CVE Details
CVSS v3.1 Bewertung4.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
AngriffsvektorADJACENT_NETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht7/11/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
linuxfoundation:kubeedge
Schwachen (CWE)
CWE-400
Referenzen
https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr(security-advisories@github.com)
https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.