Permalink
CVE-2026-10533
5.0 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation
A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that accumulate in etcd, causing API server performance degradation across the cluster.
References
Affected products
openshift
Matching in nixpkgs
pkgs.openshift
Build, deploy, and manage your applications with Docker and Kubernetes
-
nixos-unstable 4.19.0-202505210330
- nixpkgs-unstable 4.19.0-202505210330
- nixos-unstable-small 4.19.0-202505210330
pkgs.python312Packages.openshift
None
pkgs.python313Packages.openshift
Python client for the OpenShift API
pkgs.python314Packages.openshift
Python client for the OpenShift API
pkgs.gnomeExtensions.openshift-alerts
Display OpenShift cluster alerts in the GNOME Shell panel
pkgs.python313Packages.azure-mgmt-redhatopenshift
Microsoft Azure Red Hat Openshift Management Client Library for Python
pkgs.python314Packages.azure-mgmt-redhatopenshift
Microsoft Azure Red Hat Openshift Management Client Library for Python
Package maintainers
-
@honnip Jung seungwoo <me@honnip.page>
-
@stehessel Stephan Heßelmann <stephan@stehessel.de>
-
@moretea Maarten Hoogendoorn <maarten@moretea.nl>
-
@teto Matthieu Coudron <mcoudron@hotmail.com>