CVE-2023-32186

7.5HIGH

Key Information

Vendor: SUSE
Status: RKE2
Vendor: CVE Published:; 19 September 2023

Summary

A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.

Affected Version(s)

RKE2 < 1.24.17+rke2r1

RKE2 < v1.25.0

RKE2 < v1.26.0

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 19, 2023
Vulnerability Reserved.
May 4, 2023

Collectors

NVD DatabaseMitre Database