Description
KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions, a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic, leaving the CSI Driver controller in a denial-of-service state. This bug has been fixed in KubeEdge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists.
References
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
Version up to 1.9.3 (excluding)
One of
cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:kubeedge:1.10.0:-:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:kubeedge:1.10.0:beta0:*:*:*:*:*:*
EPSS
Percentile: 56%
0.00339
Low
CVSS3: 4 Medium
CVSS3: 5.7 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-476
Related vulnerabilities
CVSS3: 4
github
more than 3 years ago
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server