CVE-2023-48713 - OpenCVE

Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Knative	Serving

Configuration 1 [-]

OR	cpe:2.3:a:knative:serving::::::::
	cpe:2.3:a:knative:serving::::::::

References

Link	Resource
https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca	Patch
https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1	Patch
https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a	Patch
https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-28T03:44:59.538Z

Updated: 2023-11-28T03:44:59.538Z

Reserved: 2023-11-17T19:43:37.555Z

Link: CVE-2023-48713

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-28T04:15:07.820

Modified: 2023-12-01T21:53:20.687

Link: CVE-2023-48713

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-48713", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-17T19:43:37.555Z", "datePublished": "2023-11-28T03:44:59.538Z", "dateUpdated": "2023-11-28T03:44:59.538Z"}, "containers": {"cna": {"title": "Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"}, {"name": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca", "tags": ["x_refsource_MISC"], "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"}, {"name": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1", "tags": ["x_refsource_MISC"], "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"}, {"name": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a", "tags": ["x_refsource_MISC"], "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"}], "affected": [{"vendor": "knative", "product": "serving", "versions": [{"version": "< 0.39.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-11-28T03:44:59.538Z"}, "descriptions": [{"lang": "en", "value": "Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0."}], "source": {"advisory": "GHSA-qmvj-4qr9-v547", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*", "matchCriteriaId": "F83BBBFD-C622-41D7-BE6A-D7BA52B6B2D2", "versionEndExcluding": "1.10.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*", "matchCriteriaId": "3672D2F9-C70C-4FC1-8992-B8EB42F755BB", "versionEndExcluding": "1.11.3", "versionStartIncluding": "1.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0."}, {"lang": "es", "value": "Knative Serving se basa en Kubernetes para admitir la implementaci\u00f3n y el servicio de aplicaciones y funciones como contenedores sin servidor. Un atacante que controla un pod hasta un punto en el que pueda controlar las respuestas desde el endpoint /metrics puede provocar una Denegaci\u00f3n de Servicio del escalador autom\u00e1tico debido a un error de asignaci\u00f3n de memoria independiente. Esta es una vulnerabilidad DoS, donde un usuario de Knative sin privilegios puede provocar un DoS para el cl\u00faster. Este problema se solucion\u00f3 en la versi\u00f3n 0.39.0."}], "id": "CVE-2023-48713", "lastModified": "2023-12-01T21:53:20.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-11-28T04:15:07.820", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}