Design/Logic Flaw

2023-09-1910:15:00

PRIOn knowledge base

www.prio-n.com

design logic flaw

suse rke2

resource allocation

dos

vulnerability

nvd

0.0005 Low

EPSS

Percentile

17.0%

JSON

A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service.
This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.

CPENameOperatorVersion
rancher_rke2eq1.28.1rke2r1 rc2
rancher_rke2eq1.28.1rke2r1 rc1
rancher_rke2eq>= 1.27.1rke2r1 AND < 1.27.5rke2r1
rancher_rke2eq>= 1.26.0rke2r1 AND < 1.26.8rke2r1
rancher_rke2eq>= 1.25.0rke2r1 AND < 1.25.13rke2r1
rancher_rke2eq>= 1.24.0rke2r1 AND < 1.24.17rke2r1

Name	Operator	Version
rancher_rke2	eq	1.28.1rke2r1 rc2
rancher_rke2	eq	1.28.1rke2r1 rc1
rancher_rke2	eq	>= 1.27.1rke2r1 AND < 1.27.5rke2r1
rancher_rke2	eq	>= 1.26.0rke2r1 AND < 1.26.8rke2r1
rancher_rke2	eq	>= 1.25.0rke2r1 AND < 1.25.13rke2r1
rancher_rke2	eq	>= 1.24.0rke2r1 AND < 1.24.17rke2r1