Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveGitHub_MCVE-2022-31073
HistoryJul 11, 2022 - 8:15 p.m.

CVE-2022-31073

2022-07-1120:15:08
CWE-400
GitHub_M
web.nvd.nist.gov
51
8
kubeedge
dos attack
servicebus
cve-2022-31073
edge computing
security vulnerability
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.2%

JSON

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. It is possible for the node to be exhausted of memory. The consequence of the exhaustion is that other services on the node, e.g. other containers, will be unable to allocate memory and thus causing a denial of service. Malicious apps accidentally pulled by users on the host and have the access to send HTTP requests to localhost may make an attack. It will be affected only when users enable the ServiceBus module in the config file edgecore.yaml. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. As a workaround, disable the ServiceBus module in the config file edgecore.yaml.

Affected configurations

Nvd
Vulners
Node
linuxfoundationkubeedgeRange<1.9.4
OR
linuxfoundationkubeedgeRange1.10.01.10.2
OR
linuxfoundationkubeedgeRange1.11.01.11.1
VendorProductVersionCPE
linuxfoundationkubeedge*cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "kubeedge",
    "vendor": "kubeedge",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.9.4"
      },
      {
        "status": "affected",
        "version": ">= 1.10.0, < 1.10.2"
      },
      {
        "status": "affected",
        "version": "= 1.11.0"
      }
    ]
  }
]

Social References

More

Related

veracode 1
osv 3
prion 1
nvd 1
cvelist 1
github 1
veracode
veracode
Denial Of Service (DoS)
2022-07-12 03:59:21
osv
osv
KubeEdge Edge ServiceBus module DoS
2022-07-11 21:00:20
CVE-2022-31073
2022-07-11 20:15:08
KubeEdge Edge ServiceBus module DoS in github.com/kubeedge/kubeedge
2024-08-21 15:11:36
prion
prion
Design/Logic Flaw
2022-07-11 20:15:00
nvd
nvd
CVE-2022-31073
2022-07-11 20:15:08
cvelist
cvelist
CVE-2022-31073 KubeEdge Edge ServiceBus module DoS
2022-07-11 20:05:13
github
github
KubeEdge Edge ServiceBus module DoS
2022-07-11 21:00:20

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.2%

JSON
Related for CVE-2022-31073
veracode1osv3prion1nvd1cvelist1github1