CVE-2022-31074 - OpenCVE

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. The consequence of the exhaustion is that the Cloud AdmissionController will be in denial of service. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linuxfoundation	Kubeedge

Configuration 1 [-]

OR	cpe:2.3:a:linuxfoundation:kubeedge::::::::
	cpe:2.3:a:linuxfoundation:kubeedge::::::::
	cpe:2.3:a:linuxfoundation:kubeedge::::::::

No data.

References

Link	Providers
https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-07-11T20:10:10

Updated: 2024-08-03T07:11:38.381Z

Reserved: 2022-05-18T00:00:00

Link: CVE-2022-31074

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-11T20:15:08.690

Modified: 2022-07-16T13:39:40.213

Link: CVE-2022-31074

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "kubeedge", "vendor": "kubeedge", "versions": [{"status": "affected", "version": "< 1.9.4"}, {"status": "affected", "version": ">= 1.10.0, < 1.10.2"}, {"status": "affected", "version": "= 1.11.0"}]}], "descriptions": [{"lang": "en", "value": "KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. The consequence of the exhaustion is that the Cloud AdmissionController will be in denial of service. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-11T20:10:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr"}], "source": {"advisory": "GHSA-w52j-3457-q9wr", "discovery": "UNKNOWN"}, "title": "KubeEdge Cloud AdmissionController component DoS", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31074", "STATE": "PUBLIC", "TITLE": "KubeEdge Cloud AdmissionController component DoS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kubeedge", "version": {"version_data": [{"version_value": "< 1.9.4"}, {"version_value": ">= 1.10.0, < 1.10.2"}, {"version_value": "= 1.11.0"}]}}]}, "vendor_name": "kubeedge"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. The consequence of the exhaustion is that the Cloud AdmissionController will be in denial of service. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "ADJACENT", "availabilityImpact": "HIGH", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr", "refsource": "CONFIRM", "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr"}]}, "source": {"advisory": "GHSA-w52j-3457-q9wr", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:11:38.381Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31074", "datePublished": "2022-07-11T20:10:10", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:11:38.381Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A932E23-CC93-426C-B4D6-90A7D920CB95", "versionEndExcluding": "1.9.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ABDAE98-2267-449F-9FB0-D7A0536D2DE0", "versionEndExcluding": "1.10.2", "versionStartIncluding": "1.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D1541C6-7E77-43CC-982C-27768120D625", "versionEndExcluding": "1.11.1", "versionStartIncluding": "1.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. The consequence of the exhaustion is that the Cloud AdmissionController will be in denial of service. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround."}, {"lang": "es", "value": "KubeEdge es un sistema de c\u00f3digo abierto para extender las capacidades de orquestaci\u00f3n de aplicaciones nativas en contenedores a los hosts en Edge. En versiones anteriores a 1.11.1, 1.10.2 y 1.9.4, varios endpoints de Cloud AdmissionController pod\u00edan ser susceptibles de sufrir un ataque DoS si les es enviada una petici\u00f3n HTTP con un cuerpo muy grande. La consecuencia del agotamiento es que el Cloud AdmissionController estar\u00e1 en denegaci\u00f3n de servicio. Este error ha sido corregido en Kubeedge versiones 1.11.1, 1.10.2 y 1.9.4. Actualmente no es conocida ninguna mitigaci\u00f3n"}], "id": "CVE-2022-31074", "lastModified": "2022-07-16T13:39:40.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-07-11T20:15:08.690", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Primary"}]}