Lucene search

K
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2023-32187
HistorySep 18, 2023 - 1:15 p.m.

CVE-2023-32187

2023-09-1813:15:08
Alpine Linux Development Team
security.alpinelinux.org
18
suse k3s
denial of service
unlimited resource allocation
vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.3%

An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers’ apiserver/supervisor port (TCP 6443) cause denial of service.
This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from sev1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchk3s< 1.27.5.1-r0UNKNOWN
Alpine3.18-communitynoarchk3s< 1.27.5.1-r0UNKNOWN
Alpine3.19-communitynoarchk3s< 1.27.5.1-r0UNKNOWN
Alpine3.20-communitynoarchk3s< 1.27.5.1-r0UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.3%