1C3T0Rm

**Name of the Vulnerable Software and Affected Versions** Omni versions prior to 1.1.5 Omni version 1.0.2 **Description** Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. A nil pointer dereference in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the **API endpoints**. The issue exists in the `isSensitiveSpec` function which calls `grpcomni.CreateResource` without checking if the resource's metadata field is nil. When a resource is created with an empty Metadata field, the `CreateResource` function attempts to access `resource.Metadata.Version` causing a segmentation fault. **Recommendations** Update Omni to version 1.1.5 or later. Update Omni to version 1.0.2.