PT-2022-20508 · Kubeedge · Kubeedge
Adam Korczynski +1 · Published 2022-07-11 · Updated 2024-08-21 · CVE-2022-31073
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
KubeEdge versions prior to 1.11.1
KubeEdge versions prior to 1.10.2
KubeEdge versions prior to 1.9.4
Description
The ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. It is possible for the node to be exhausted of memory, causing a denial of service for other services on the node, such as other containers. This issue can be exploited by malicious apps that have access to send HTTP requests to localhost, but only when the ServiceBus module is enabled in the config file edgecore.yaml.
Recommendations
For versions prior to 1.11.1, update to version 1.11.1 or later.
For versions prior to 1.10.2, update to version 1.10.2 or later.
For versions prior to 1.9.4, update to version 1.9.4 or later.
As a temporary workaround, disable the ServiceBus module in the config file edgecore.yaml.
Exploit
Fix
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Kubeedge