GHSA-qhm4-jxv7-j9pq

Source

https://github.com/advisories/GHSA-qhm4-jxv7-j9pq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-qhm4-jxv7-j9pq/GHSA-qhm4-jxv7-j9pq.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-qhm4-jxv7-j9pq

Aliases

Related

CGA-g466-3pmc-wvm7

Published

2022-02-15T01:57:18Z

Modified

2024-08-21T15:57:14.505937Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes

Details

The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

Database specific

{
    "severity": "MODERATE",
    "nvd_published_at": "2020-03-27T15:15:00Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-770",
        "CWE-789"
    ],
    "github_reviewed_at": "2021-05-06T21:53:58Z"
}

References

Affected packages

Go / k8s.io/kubernetes

Package

Name: k8s.io/kubernetes; View open source insights on deps.dev
Purl: pkg:golang/k8s.io/kubernetes

Affected ranges

Type: SEMVER
Events: Introduced

1.15.0

Fixed

1.15.10

Go / k8s.io/kubernetes

Package

Name: k8s.io/kubernetes; View open source insights on deps.dev
Purl: pkg:golang/k8s.io/kubernetes

Affected ranges

Type: SEMVER
Events: Introduced

1.16.0

Fixed

1.16.6

Go / k8s.io/kubernetes

Package

Name: k8s.io/kubernetes; View open source insights on deps.dev
Purl: pkg:golang/k8s.io/kubernetes

Affected ranges

Type: SEMVER
Events: Introduced

1.17.0

Fixed

1.17.2