GHSA-55qj-gj3x-jq9r

Suggest an improvement
Source
https://github.com/advisories/GHSA-55qj-gj3x-jq9r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-55qj-gj3x-jq9r/GHSA-55qj-gj3x-jq9r.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-55qj-gj3x-jq9r
Aliases
Published
2024-04-24T20:01:31Z
Modified
2024-06-10T19:36:51Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Denial of service in Kubernetes
Details

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.

Database specific
{
    "nvd_published_at": "2020-07-23T17:15:00Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T20:01:31Z"
}
References

Affected packages

Go / k8s.io/kubernetes/pkg/kubelet

Package

Name
k8s.io/kubernetes/pkg/kubelet
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes/pkg/kubelet

Affected ranges

Type
SEMVER
Events
Introduced
1.1.0
Fixed
1.16.13

Go / k8s.io/kubernetes/pkg/kubelet

Package

Name
k8s.io/kubernetes/pkg/kubelet
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes/pkg/kubelet

Affected ranges

Type
SEMVER
Events
Introduced
1.17.0
Fixed
1.17.9

Go / k8s.io/kubernetes/pkg/kubelet

Package

Name
k8s.io/kubernetes/pkg/kubelet
View open source insights on deps.dev
Purl
pkg:golang/k8s.io/kubernetes/pkg/kubelet

Affected ranges

Type
SEMVER
Events
Introduced
1.18.0
Fixed
1.18.6