Overview
- Description
- An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from sev1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1.
- Source
- meissner@suse.de
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
Weaknesses
- meissner@suse.de
- CWE-770
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:k3s:k3s:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FEC7C6F-1B51-4F4D-B676-BBB6BE589A8C",
"versionEndExcluding": "1.24.17\\+k3s1",
"versionStartIncluding": "1.24.0"
},
{
"criteria": "cpe:2.3:a:k3s:k3s:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78847F7B-2FBC-431B-8EA2-40DCFC14659A",
"versionEndExcluding": "1.25.13\\+k3s1",
"versionStartIncluding": "1.25.0"
},
{
"criteria": "cpe:2.3:a:k3s:k3s:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5B928DB-5CC6-4E1E-9049-DED54245E47F",
"versionEndExcluding": "1.26.8\\+k3s1",
"versionStartIncluding": "1.26.0"
},
{
"criteria": "cpe:2.3:a:k3s:k3s:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD52035E-E6FB-444E-99C0-FC4FE63D6EB3",
"versionEndExcluding": "1.27.5\\+k3s1",
"versionStartIncluding": "1.27.0"
},
{
"criteria": "cpe:2.3:a:k3s:k3s:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "515B2A4C-17AB-4C4B-8231-18A6A49C25DD",
"versionEndExcluding": "1.28.1\\+k3s1",
"versionStartIncluding": "1.28.0"
}
],
"operator": "OR"
}
]
}
]