CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers’ apiserver/supervisor port (TCP 6443) cause denial of service.
This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from sev1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1.
[
{
"cpes": [
"cpe:2.3:a:k3s:k3s:*:*:*:*:*:*:*:*"
],
"vendor": "k3s",
"product": "k3s",
"versions": [
{
"status": "affected",
"version": "1.24.0",
"lessThan": "1.24.17+k3s1",
"versionType": "custom"
},
{
"status": "affected",
"version": "1.25.0",
"lessThan": "1.25.13+k3s1",
"versionType": "custom"
},
{
"status": "affected",
"version": "1.26.0",
"lessThan": "1.26.8+k3s1",
"versionType": "custom"
},
{
"status": "affected",
"version": "1.28.0",
"lessThan": "1.28.1+k3s1",
"versionType": "custom"
},
{
"status": "affected",
"version": "1.27.0",
"lessThan": "1.27.5+k3s1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial