PT-2022-20509 · Kubeedge · Kubeedge

Adam Korczynski +1

Published 2022-07-11 · Updated 2024-08-21 · CVE-2022-31074

CVSS v3.1: 4.5 (Medium)
Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

KubeEdge versions prior to 1.11.1
KubeEdge versions prior to 1.10.2
KubeEdge versions prior to 1.9.4

Description

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at the edge. Several endpoints in the Cloud AdmissionController, including "/devicemodels", "/rules", "/ruleendpoints", and "/offlinemigration", may be susceptible to a DoS attack if an HTTP request with a very large body is sent to them. The resulting resource exhaustion leaves the Cloud AdmissionController in a denial-of-service state. Only an authenticated user can cause this issue.

Recommendations

Update to KubeEdge version 1.11.1 or later to resolve the issue. Update to KubeEdge version 1.10.2 or later to resolve the issue. Update to KubeEdge version 1.9.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable endpoints in the Cloud AdmissionController until a patch is available. Avoid sending HTTP requests with very large bodies to the Cloud AdmissionController until the issue is resolved.
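The defect class behind this advisory is a handler that buffers an entire request body before inspecting it. The following Go example is added here and is not KubeEdge's own code: it contrasts an unbounded read with one capped by http.MaxBytesReader, which stops reading at the limit and answers 413. The 1 MiB cap, the "/devicemodels" path and the AdmissionReview payload shape are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Assumed cap for this example: admission and rule objects are a few KiB.
const maxAdmissionBody int64 = 1 << 20 // 1 MiB

// unboundedHandler shows the defect class: the whole body is buffered in memory
// before it is inspected, so the client decides how much RAM the server uses.
func unboundedHandler(w http.ResponseWriter, r *http.Request) {
	body, _ := io.ReadAll(r.Body) // no upper bound on len(body)
	fmt.Fprintf(w, "accepted %d bytes\n", len(body))
}

// boundedHandler wraps the body with http.MaxBytesReader: past maxAdmissionBody
// bytes the decoder gets a *http.MaxBytesError and the connection is closed.
func boundedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxAdmissionBody)
	var review map[string]any
	if err := json.NewDecoder(r.Body).Decode(&review); err != nil {
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "malformed request", http.StatusBadRequest)
		return
	}
	fmt.Fprintln(w, "admitted")
}

// statusFor posts a constructed body to h in-process and returns the HTTP status.
func statusFor(h http.HandlerFunc, body string) int {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPost, "/devicemodels", strings.NewReader(body)))
	return rec.Code
}

func main() {
	// Constructed oversized but well-formed JSON body (2 MiB), twice the cap.
	huge := `{"kind":"` + strings.Repeat("x", int(2*maxAdmissionBody)) + `"}`
	fmt.Println(statusFor(unboundedHandler, huge), statusFor(boundedHandler, huge)) // 200 413
}
```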

Exploit

Fix

Weakness Enumeration

Resource Exhaustion

Related Identifiers

CVE-2022-31074
GHSA-W52J-3457-Q9WR
GO-2022-0508

Affected Products

Kubeedge