Denial of Service Vulnerability in SUSE k3s
CVE-2023-32187

7.5 HIGH

Key Information:

Vendor: SUSE
Status: Vendor
CVE Published: 18 September 2023

Summary

A vulnerability in SUSE k3s allows attackers with access to the k3s server's apiserver/supervisor port (TCP 6443) to trigger denial of service conditions. This affects several versions of k3s, potentially leading to unavailability of services due to resource exhaustion. It is crucial for users to assess their deployments and apply appropriate security patches to mitigate the risk posed by this vulnerability.

Affected Version(s)

k3s v1.24.0

k3s v1.25.0

k3s v1.26.0

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
