CVE-2023-32186

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-32186

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32186.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-32186

Aliases

GHSA-p45j-vfv5-wprq

Withdrawn

2024-05-15T05:32:56.804492Z

Published

2023-09-19T10:15:13Z

Modified

2023-11-29T09:58:05.846581Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.

References

Affected packages

Git / github.com/rancher/rke2

Affected ranges

Type: GIT
Repo: https://github.com/rancher/rke2
Events: Introduced

9ce3825ec005872a0873307844ba99a2bdd4ee19

Fixed

1de995339f133cc0ec5003854e8ff1f32ca4a9c0

Introduced

22513ef9e5b17b9910558bfe2091253a00718780

Introduced

46eaa13645d504c851173a9e59783d21bde1b01d

Affected versions

v1.*

v1.27.1+rke2r1

v1.27.1-rc1+rke2r1

v1.27.2+rke2r1

v1.27.2-rc1+rke2r1

v1.27.2-rc2+rke2r1

v1.27.2-rc3+rke2r1

v1.27.3+rke2r1

v1.27.3-rc1+rke2r1

v1.27.3-rc2+rke2r1

v1.27.3-rc3+rke2r1

v1.27.3-rc4+rke2r1

v1.27.4+rke2r1

v1.27.4-rc1+rke2r1

v1.27.5-rc1+rke2r1

v1.27.5-rc2+rke2r1