Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged

Filter by:

With package: k3sup

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2023-32187

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months ago

An Allocation of Resources Without Limits or Throttling vulnerability in …

An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from sev1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1.

References

Affected products

k3s

<v1.28.1+k3s1
<1.25.13+k3s1
<1.27.5+k3s1
<v1.24.17+k3s1
<1.26.8+k3s1
<1.28.1+k3s1
<v1.27.5+k3s1
<v1.25.13+k3s1
<v1.26.8+k3s1
<1.24.17+k3s1

Matching in nixpkgs

pkgs.k3sup

Bootstrap Kubernetes with k3s over SSH

nixos-unstable -
- nixpkgs-unstable 0.13.11

pkgs.k3s_1_31

Lightweight Kubernetes distribution

nixos-unstable -
- nixpkgs-unstable 1.31.12+k3s1

pkgs.k3s_1_32

Lightweight Kubernetes distribution

nixos-unstable -
- nixpkgs-unstable 1.32.8+k3s1

pkgs.k3s_1_33

Lightweight Kubernetes distribution

nixos-unstable -
- nixpkgs-unstable 1.33.4+k3s1

Package maintainers

@yajo Jairo Llopis <yajo.sk8@gmail.com>
@marcusramberg Marcus Ramberg <marcus@means.no>
@frederictobiasc Frédéric Christ <dev@ntr.li>
@euank Euan Kemp <euank-nixpkg@euank.com>
@rorosen Robert Rose <robert.rose@mailbox.org>
@wrmilling Winston R. Milling <Winston@Milli.ng>
@Mic92 Jörg Thalheim <joerg@thalheim.io>
@welteki Han Verstraete <welteki@pm.me>
@qjoly Quentin JOLY <github@une-pause-cafe.fr>

1