1. Home
  2. CVE Database
  3. CVE-2022-31074
MEDIUM · 4.5

CVE-2022-31074

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Clou...

Vulnerability Description

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. The consequence of the exhaustion is that the Cloud AdmissionController will be in denial of service. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround.

CVSS Score

4.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
LinuxfoundationKubeedge< 1.9.4

Related Weaknesses (CWE)

CWE-400

References

FAQ

What is CVE-2022-31074?

CVE-2022-31074 is a vulnerability with a CVSS score of 4.5 (MEDIUM). KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Clou...

How severe is CVE-2022-31074?

CVE-2022-31074 has been rated MEDIUM with a CVSS base score of 4.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-31074?

Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Kubeedge.