CVE-2023-48713 - OpenCVE

Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Knative	Serving

Configuration 1 [-]

OR	cpe:2.3:a:knative:serving::::::::
	cpe:2.3:a:knative:serving::::::::

No data.

References

Link	Providers
https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca
https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1
https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a
https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-28T03:44:59.538Z

Updated: 2024-08-02T21:37:54.657Z

Reserved: 2023-11-17T19:43:37.555Z

Link: CVE-2023-48713

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-11-28T04:15:07.820

Modified: 2023-12-01T21:53:20.687

Link: CVE-2023-48713

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48713", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-17T19:43:37.555Z", "datePublished": "2023-11-28T03:44:59.538Z", "dateUpdated": "2024-08-02T21:37:54.657Z"}, "containers": {"cna": {"title": "Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"}, {"name": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca", "tags": ["x_refsource_MISC"], "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"}, {"name": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1", "tags": ["x_refsource_MISC"], "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"}, {"name": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a", "tags": ["x_refsource_MISC"], "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"}], "affected": [{"vendor": "knative", "product": "serving", "versions": [{"version": "< 0.39.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-28T03:44:59.538Z"}, "descriptions": [{"lang": "en", "value": "Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0."}], "source": {"advisory": "GHSA-qmvj-4qr9-v547", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:37:54.657Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"}, {"name": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"}, {"name": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"}, {"name": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*", "matchCriteriaId": "F83BBBFD-C622-41D7-BE6A-D7BA52B6B2D2", "versionEndExcluding": "1.10.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*", "matchCriteriaId": "3672D2F9-C70C-4FC1-8992-B8EB42F755BB", "versionEndExcluding": "1.11.3", "versionStartIncluding": "1.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0."}, {"lang": "es", "value": "Knative Serving se basa en Kubernetes para admitir la implementaci\u00f3n y el servicio de aplicaciones y funciones como contenedores sin servidor. Un atacante que controla un pod hasta un punto en el que pueda controlar las respuestas desde el endpoint /metrics puede provocar una Denegaci\u00f3n de Servicio del escalador autom\u00e1tico debido a un error de asignaci\u00f3n de memoria independiente. Esta es una vulnerabilidad DoS, donde un usuario de Knative sin privilegios puede provocar un DoS para el cl\u00faster. Este problema se solucion\u00f3 en la versi\u00f3n 0.39.0."}], "id": "CVE-2023-48713", "lastModified": "2023-12-01T21:53:20.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-11-28T04:15:07.820", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}