| |
Podatność CVE-2022-31080
Publikacja: 2022-07-11
Opis: |
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, a large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of the response is being read into memory which could allow an attacker to send a request that returns a response with a large body. The consequence of the exhaustion is that the process which invokes a WSClient will be in a denial of service. The software is affected If users who are authenticated to the edge side connect to `cloudhub` from the edge side through WebSocket protocol. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There are currently no known workarounds. |
Typ:
CWE-400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))
CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Ogólna skala CVSS |
Znaczenie |
Łatwość wykorzystania |
4/10 |
2.9/10 |
8/10 |
Wymagany dostęp |
Złożoność ataku |
Autoryzacja |
Zdalny |
Niska |
Jednorazowa |
Wpływ na poufność |
Wpływ na integralność |
Wpływ na dostępność |
Brak |
Brak |
Częściowy |
Referencje: |
https://github.com/kubeedge/kubeedge/security/advisories/GHSA-6wvc-6pww-qr4r
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|