CVE-2023-32187

7.5HIGH

Key Information

Vendor: SUSE
Status: k3s
Vendor: CVE Published:; 18 September 2023

Summary

An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from sev1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1.

Affected Version(s)

k3s < v1.24.0

k3s < v1.25.0

k3s < v1.26.0

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 18, 2023
Vulnerability Reserved.
May 4, 2023

Collectors

NVD DatabaseMitre Database