Description
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-bundle | Fix deferred | | |
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Fix deferred | | |
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-acmesolver-rhel9 | Fix deferred | | |
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Fix deferred | | |
| Cryostat 3 | cryostat-tech-preview/cryostat-rhel8-operator | Fix deferred | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-8-rhel8 | Fix deferred | | |
| Multicluster Engine for Kubernetes | multicluster-engine/assisted-service-9-rhel9 | Fix deferred | | |
| OpenShift Serverless | openshift-serverless-1/serving-activator-rhel8 | Fix deferred | | |
| OpenShift Serverless | openshift-serverless-1/serving-autoscaler-hpa-rhel8 | Fix deferred | | |
| OpenShift Serverless | openshift-serverless-1/serving-autoscaler-rhel8 | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 4.4 Medium
Related vulnerabilities
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
Duplicate Advisory: cert-manager has a potential slowdown / DoS when parsing specially crafted PEM inputs