CVE-2022-31075 - Vulnerability Details

Vendors	Products
Linuxfoundation	Kubeedge

Link	Providers
https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x3px-2p95-f6jr

{"containers": {"cna": {"affected": [{"product": "kubeedge", "vendor": "kubeedge", "versions": [{"status": "affected", "version": "< 1.9.4"}, {"status": "affected", "version": ">= 1.10.0, < 1.10.2"}, {"status": "affected", "version": "= 1.11.0"}]}], "descriptions": [{"lang": "en", "value": "KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to `/edge.crt`. If an attacker can send a well-crafted HTTP request to CloudHub, and that request has a very large body, that request can crash the HTTP service through a memory exhaustion vector. The request body is being read into memory, and a body that is larger than the available memory can lead to a successful attack. Because the request would have to make it through authorization, only authorized users may perform this attack. The consequence of the exhaustion is that CloudHub will be in denial of service. KubeEdge is affected only when users enable the CloudHub module in the file `cloudcore.yaml`. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. As a workaround, disable the CloudHub switch in the config file `cloudcore.yaml`."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-11T20:15:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x3px-2p95-f6jr"}], "source": {"advisory": "GHSA-x3px-2p95-f6jr", "discovery": "UNKNOWN"}, "title": "KubeEdge DoS when signing the CSR from EdgeCore", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2022-31075", "STATE": "PUBLIC", "TITLE": "KubeEdge DoS when signing the CSR from EdgeCore"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kubeedge", "version": {"version_data": [{"version_value": "< 1.9.4"}, {"version_value": ">= 1.10.0, < 1.10.2"}, {"version_value": "= 1.11.0"}]}}]}, "vendor_name": "kubeedge"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to `/edge.crt`. If an attacker can send a well-crafted HTTP request to CloudHub, and that request has a very large body, that request can crash the HTTP service through a memory exhaustion vector. The request body is being read into memory, and a body that is larger than the available memory can lead to a successful attack. Because the request would have to make it through authorization, only authorized users may perform this attack. The consequence of the exhaustion is that CloudHub will be in denial of service. KubeEdge is affected only when users enable the CloudHub module in the file `cloudcore.yaml`. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. As a workaround, disable the CloudHub switch in the config file `cloudcore.yaml`."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x3px-2p95-f6jr", "refsource": "CONFIRM", "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x3px-2p95-f6jr"}]}, "source": {"advisory": "GHSA-x3px-2p95-f6jr", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:11:38.491Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x3px-2p95-f6jr"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31075", "datePublished": "2022-07-11T20:15:12", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:11:38.491Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A932E23-CC93-426C-B4D6-90A7D920CB95", "versionEndExcluding": "1.9.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ABDAE98-2267-449F-9FB0-D7A0536D2DE0", "versionEndExcluding": "1.10.2", "versionStartIncluding": "1.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:kubeedge:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D1541C6-7E77-43CC-982C-27768120D625", "versionEndExcluding": "1.11.1", "versionStartIncluding": "1.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to `/edge.crt`. If an attacker can send a well-crafted HTTP request to CloudHub, and that request has a very large body, that request can crash the HTTP service through a memory exhaustion vector. The request body is being read into memory, and a body that is larger than the available memory can lead to a successful attack. Because the request would have to make it through authorization, only authorized users may perform this attack. The consequence of the exhaustion is that CloudHub will be in denial of service. KubeEdge is affected only when users enable the CloudHub module in the file `cloudcore.yaml`. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. As a workaround, disable the CloudHub switch in the config file `cloudcore.yaml`."}, {"lang": "es", "value": "KubeEdge es un sistema de c\u00f3digo abierto para extender las capacidades de orquestaci\u00f3n de aplicaciones nativas en contenedores a los hosts en Edge. En versiones anteriores a 1.11.1, 1.10.2 y 1.9.4, EdgeCore pod\u00eda ser susceptible de un ataque DoS en CloudHub si un atacante enviaba una petici\u00f3n HTTP bien dise\u00f1ada a \"/edge.crt\". Si un atacante puede enviar una petici\u00f3n HTTP bien dise\u00f1ada a CloudHub, y esa petici\u00f3n presenta un cuerpo muy grande, esa petici\u00f3n puede colapsar el servicio HTTP mediante un vector de agotamiento de memoria. El cuerpo de la petici\u00f3n est\u00e1 siendo le\u00edda en la memoria, y un cuerpo que es m\u00e1s grande que la memoria disponible puede conllevar a un ataque con \u00e9xito. Como la petici\u00f3n tendr\u00eda que pasar por la autorizaci\u00f3n, s\u00f3lo los usuarios autorizados pueden llevar a cabo este ataque. La consecuencia del agotamiento es que CloudHub estar\u00e1 en denegaci\u00f3n de servicio. KubeEdge est\u00e1 afectado s\u00f3lo cuando los usuarios habilitan el m\u00f3dulo CloudHub en el archivo \"cloudcore.yaml\". Este error ha sido corregido en Kubeedge versiones 1.11.1, 1.10.2 y 1.9.4. Como mitigaci\u00f3n, deshabilite el interruptor CloudHub en el archivo de configuraci\u00f3n \"cloudcore.yaml\""}], "id": "CVE-2022-31075", "lastModified": "2024-11-21T07:03:50.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-07-11T21:15:08.203", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x3px-2p95-f6jr"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/kubeedge/kubeedge/security/advisories/GHSA-x3px-2p95-f6jr"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "[email protected]", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object