Uncontrolled Resource Consumption in HAProxy Affects OpenShift Clusters
CVE-2023-0056

6.5 MEDIUM

Key Information:

Vendor: HAProxy

Status
Vendor
CVE Published: 23 March 2023

What is CVE-2023-0056?

A vulnerability in HAProxy allows an authenticated remote attacker to trigger uncontrolled resource consumption. By deploying a specially crafted malicious server within an OpenShift cluster, the attacker could crash the HAProxy service, disrupting service availability. This vulnerability underscores the importance of patching and monitoring resources in cloud-hosted environments.

Affected Version(s)

haproxy unknown

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
