kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes the application to consume an excessive amount of CPU resources. This vulnerability affects the latest version of kubeflow/kubeflow, specifically within the centraldashboard-angular backend component. The impact of exploiting this vulnerability includes resource exhaustion and service disruption.
History

Mon, 23 Sep 2024 23:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Kubeflow; Kubeflow kubeflow |
| CPEs | | `cpe:2.3:a:kubeflow:kubeflow:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Kubeflow; Kubeflow kubeflow |
| Metrics | | cvssV3_1: `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:09:09.149Z

Updated: 2024-08-01T21:18:06.319Z

Reserved: 2024-05-30T21:56:04.319Z

Link: CVE-2024-5552

Vulnrichment

Updated: 2024-08-01T21:18:06.319Z

NVD

Status: Analyzed

Published: 2024-06-06T19:16:09.697

Modified: 2024-09-23T22:31:27.563

Link: CVE-2024-5552

Redhat

No data.