Description
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
Statement
The upstream Kubernetes fix for this vulnerability is to update the version of the Go dependency, gopkg.in/yaml.v2. This issue affects OpenShift Container Platform components that use versions before 2.2.8 of gopkg.in/yaml.v2 and accept YAML payloads.
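Since the fix is a dependency bump, a practical check is to read a component's go.mod and find the gopkg.in/yaml.v2 version a build would actually use. The following is an added example, not code from the advisory or from Red Hat; the go.mod content is constructed for illustration, and it honours a `replace` directive, which overrides the `require` entry.

```python
import re

# Minimum fixed version named in the advisory: gopkg.in/yaml.v2 2.2.8
MODULE = "gopkg.in/yaml.v2"
FIXED = (2, 2, 8)

# Constructed sample go.mod (not from any real project): the require line is
# below 2.2.8, but a replace directive pins the build to the fixed release.
SAMPLE_GO_MOD = """\
module example.com/demo

go 1.13

require (
    github.com/spf13/cobra v0.0.5
    gopkg.in/yaml.v2 v2.2.4 // indirect
)

replace gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.2.8
"""

def parse_version(v):
    """Turn 'v2.2.8' (or a pseudo-version such as v2.2.8-0.2020...) into a tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unrecognised module version: {v}")
    return tuple(int(x) for x in m.groups())

def effective_yaml_v2_version(go_mod_text):
    """Return the gopkg.in/yaml.v2 version the build resolves to, or None if unused.

    A replace directive wins over the require entry. Replaces that point at a
    local path (no version) are not resolved here and leave the require version.
    """
    required = replaced = None
    for line in go_mod_text.splitlines():
        line = line.split("//", 1)[0].strip()  # drop comments such as '// indirect'
        if not line:
            continue
        m = re.match(rf"(?:require\s+)?{re.escape(MODULE)}\s+(\S+)$", line)
        if m:
            required = parse_version(m.group(1))
            continue
        m = re.match(rf"(?:replace\s+)?{re.escape(MODULE)}(?:\s+\S+)?\s*=>\s*(\S+)\s+(\S+)$", line)
        if m:
            replaced = parse_version(m.group(2))
    return replaced if replaced is not None else required

def is_vulnerable(go_mod_text):
    """True when the effective gopkg.in/yaml.v2 version is below 2.2.8."""
    v = effective_yaml_v2_version(go_mod_text)
    return v is not None and v < FIXED
```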
Mitigation
Prevent unauthenticated or unauthorized access to the API server.
Affected packages
Platform | Package | Status | Advisory | Release date |
---|---|---|---|---|
Red Hat OpenShift Container Platform 4 | openshift4/ose-hypershift | Will not fix | ||
Red Hat OpenShift Container Platform 4 | openshift4/ose-k8s-prometheus-adapter-rhel9 | Not affected | ||
Red Hat OpenShift Container Platform 4 | openshift4/ose-openshift-state-metrics-rhel8 | Not affected | ||
Red Hat OpenShift Container Platform 4 | openshift4/ose-service-catalog | Will not fix | ||
Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Fixed | RHSA-2020:2479 | 18.06.2020 |
Red Hat OpenShift Container Platform 4.3 | openshift4/ose-openshift-apiserver-rhel7 | Fixed | RHSA-2020:0933 | 01.04.2020 |
Red Hat OpenShift Container Platform 4.5 | openshift4/ose-hyperkube | Fixed | RHSA-2020:2412 | 13.07.2020 |
Red Hat OpenShift Container Platform 4.5 | openshift4/ose-oauth-server-rhel7 | Fixed | RHSA-2020:2412 | 13.07.2020 |
Red Hat OpenShift Container Platform 4.5 | openshift | Fixed | RHSA-2020:2413 | 13.07.2020 |
Additional information
CVSS3: 6.5 (Medium)
Related vulnerabilities
Excessive Platform Resource Consumption within a Loop in Kubernetes
ELSA-2020-5653: olcne kubernetes security update (IMPORTANT)