Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-31074

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. The consequence of the exhaustion is that the Cloud AdmissionController will be in denial of service. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround.

Published

2022-07-11T20:15:08.690

Last Modified

2024-11-21T07:03:50.483

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	linuxfoundation	kubeedge	< 1.9.4	Yes
Application	linuxfoundation	kubeedge	< 1.10.2	Yes
Application	linuxfoundation	kubeedge	< 1.11.1	Yes

References

https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr Third Party Advisory ([email protected])
https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)