Vulnerability-Lookup

CVE-2023-48713 (GCVE-0-2023-48713)

Vulnerability from cvelistv5 – Published: 2023-11-28 03:44 – Updated: 2024-10-11 17:58

Title

Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler

Summary

Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

URL

Tags

	https://github.com/knative/serving/security/advis…	x_refsource_CONFIRM
	https://github.com/knative/serving/commit/012ee25…	x_refsource_MISC
	https://github.com/knative/serving/commit/101f814…	x_refsource_MISC
	https://github.com/knative/serving/commit/fff40ef…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	knative	serving	Affected: < 0.39.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:37:54.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"
          },
          {
            "name": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"
          },
          {
            "name": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"
          },
          {
            "name": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-48713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T17:51:35.195449Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T17:58:05.682Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "serving",
          "vendor": "knative",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.39.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-28T03:44:59.538Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"
        },
        {
          "name": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"
        },
        {
          "name": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"
        },
        {
          "name": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"
        }
      ],
      "source": {
        "advisory": "GHSA-qmvj-4qr9-v547",
        "discovery": "UNKNOWN"
      },
      "title": "Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-48713",
    "datePublished": "2023-11-28T03:44:59.538Z",
    "dateReserved": "2023-11-17T19:43:37.555Z",
    "dateUpdated": "2024-10-11T17:58:05.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-48713",
      "date": "2026-04-25",
      "epss": "0.00073",
      "percentile": "0.22002"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.10.5\", \"matchCriteriaId\": \"F83BBBFD-C622-41D7-BE6A-D7BA52B6B2D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.11.0\", \"versionEndExcluding\": \"1.11.3\", \"matchCriteriaId\": \"3672D2F9-C70C-4FC1-8992-B8EB42F755BB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.\"}, {\"lang\": \"es\", \"value\": \"Knative Serving se basa en Kubernetes para admitir la implementaci\\u00f3n y el servicio de aplicaciones y funciones como contenedores sin servidor. Un atacante que controla un pod hasta un punto en el que pueda controlar las respuestas desde el endpoint /metrics puede provocar una Denegaci\\u00f3n de Servicio del escalador autom\\u00e1tico debido a un error de asignaci\\u00f3n de memoria independiente. Esta es una vulnerabilidad DoS, donde un usuario de Knative sin privilegios puede provocar un DoS para el cl\\u00faster. Este problema se solucion\\u00f3 en la versi\\u00f3n 0.39.0.\"}]",
      "id": "CVE-2023-48713",
      "lastModified": "2024-11-21T08:32:18.947",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 3.6}]}",
      "published": "2023-11-28T04:15:07.820",
      "references": "[{\"url\": \"https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-48713\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-11-28T04:15:07.820\",\"lastModified\":\"2024-11-21T08:32:18.947\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.\"},{\"lang\":\"es\",\"value\":\"Knative Serving se basa en Kubernetes para admitir la implementaci\u00f3n y el servicio de aplicaciones y funciones como contenedores sin servidor. Un atacante que controla un pod hasta un punto en el que pueda controlar las respuestas desde el endpoint /metrics puede provocar una Denegaci\u00f3n de Servicio del escalador autom\u00e1tico debido a un error de asignaci\u00f3n de memoria independiente. Esta es una vulnerabilidad DoS, donde un usuario de Knative sin privilegios puede provocar un DoS para el cl\u00faster. Este problema se solucion\u00f3 en la versi\u00f3n 0.39.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10.5\",\"matchCriteriaId\":\"F83BBBFD-C622-41D7-BE6A-D7BA52B6B2D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.11.0\",\"versionEndExcluding\":\"1.11.3\",\"matchCriteriaId\":\"3672D2F9-C70C-4FC1-8992-B8EB42F755BB\"}]}]}],\"references\":[{\"url\":\"https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-400\", \"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547\"}, {\"name\": \"https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca\"}, {\"name\": \"https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1\"}, {\"name\": \"https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a\"}], \"affected\": [{\"vendor\": \"knative\", \"product\": \"serving\", \"versions\": [{\"version\": \"\u003c 0.39.0\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-11-28T03:44:59.538Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.\"}], \"source\": {\"advisory\": \"GHSA-qmvj-4qr9-v547\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T21:37:54.657Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547\"}, {\"name\": \"https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca\"}, {\"name\": \"https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1\"}, {\"name\": \"https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-48713\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-11T17:51:35.195449Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-11T17:52:42.765Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-48713\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2023-11-17T19:43:37.555Z\", \"datePublished\": \"2023-11-28T03:44:59.538Z\", \"dateUpdated\": \"2024-10-11T17:58:05.682Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-QMVJ-4QR9-V547

Vulnerability from github – Published: 2023-11-27 23:27 – Updated: 2023-12-04 15:16

Summary

Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler

Details

Summary

A vulnerability was fond in Knative Serving that could allow an attacker to crash the Knative Serving autoscaler resulting in a denial of service. The attacker would need to have compromised one pod in the Knative Serving deployment, and with that position they could launch the attack against the autoscaler. When the autoscaler scrapes the metrics of pods, it sends a request to the /metrics endpoint of each pod and reads the response. The attacker would need to detect the request from the autoscaler to the /metrics endpoint of the pod they had compromised and send a malicious response back to the autoscaler. At this point, the autoscaler would crash. The root cause of the vulnerability was a memory exhaustion issue in the autoscaler that the attacker could trigger with the malicious reponse.

The vulnerability would allow a privilege escalation by the attacker from controlling one point to having negative impact on the entire Knative Serving deployment.

Impact

All users are vulnerable to this; Users that have not had any of their pods compromised are not at risk of this vulnerability.

Mitigation

The vulnerability has been patched in v1.10.5, v1.11.3 and v1.12.0

Credits

The vulnerability was reported by Ada Logics during an ongoing security audit of Knative involving Ada Logics, the Knative maintainers, OSTIF and CNCF.

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "knative.dev/serving"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.39.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-48713"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-27T23:27:04Z",
    "nvd_published_at": "2023-11-28T04:15:07Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nA vulnerability was fond in Knative Serving that could allow an attacker to crash the Knative Serving autoscaler resulting in a denial of service. The attacker would need to have compromised one pod in the Knative Serving deployment, and with that position they could launch the attack against the autoscaler. \nWhen the autoscaler scrapes the metrics of pods, it sends a request to the `/metrics` endpoint of each pod and reads the response. The attacker would need to detect the request from the autoscaler to the `/metrics` endpoint of the pod they had compromised and send a malicious response back to the autoscaler. At this point, the autoscaler would crash. The root cause of the vulnerability was a memory exhaustion issue in the autoscaler that the attacker could trigger with the malicious reponse.\n\nThe vulnerability would allow a privilege escalation by the attacker from controlling one point to having negative impact on the entire Knative Serving deployment.\n\n### Impact\nAll users are vulnerable to this; Users that have not had any of their pods compromised are not at risk of this vulnerability.  \n\n### Mitigation\nThe vulnerability has been patched in v1.10.5, v1.11.3 and v1.12.0\n\n### Credits\nThe vulnerability was reported by Ada Logics during an ongoing security audit of Knative involving Ada Logics, the Knative maintainers, OSTIF and CNCF.",
  "id": "GHSA-qmvj-4qr9-v547",
  "modified": "2023-12-04T15:16:16Z",
  "published": "2023-11-27T23:27:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48713"
    },
    {
      "type": "WEB",
      "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"
    },
    {
      "type": "WEB",
      "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/knative/serving"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler"
}

BDU:2023-08365

Vulnerability from fstec - Published: 16.10.2023

Title

Уязвимость средства поддержки развертывания и обслуживания приложений бессерверных контейнеров Knative Serving, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость средства поддержки развертывания и обслуживания приложений бессерверных контейнеров Knative Serving связана с неконтролируемым расходом ресурсов при обработке конечныйх точек в директории /metrics. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения

Software Name

Knative Serving

Software Version

до 1.10.5 (Knative Serving), от 1.11.0 до 1.11.3 (Knative Serving), от 1.11.4 до 1.12.0 (Knative Serving)

Possible Mitigations

Использование рекомендаций: https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1 https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a https://github.com/knative/serving/releases

Reference

https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1 https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a https://knative.dev/development/serving/

CWE

CWE-400

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.10.5 (Knative Serving), \u043e\u0442 1.11.0 \u0434\u043e 1.11.3 (Knative Serving), \u043e\u0442 1.11.4 \u0434\u043e 1.12.0 (Knative Serving)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca  \nhttps://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1 \nhttps://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a\nhttps://github.com/knative/serving/releases",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.10.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.12.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.12.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08365",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-48713",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Knative Serving",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0438 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0431\u0435\u0441\u0441\u0435\u0440\u0432\u0435\u0440\u043d\u044b\u0445 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 Knative Serving, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0438 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0431\u0435\u0441\u0441\u0435\u0440\u0432\u0435\u0440\u043d\u044b\u0445 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043e\u0432 Knative Serving \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u0439\u0445 \u0442\u043e\u0447\u0435\u043a \u0432 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 /metrics. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca  \nhttps://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1 \nhttps://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a\nhttps://knative.dev/development/serving/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-400",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

FKIE_CVE-2023-48713

Vulnerability from fkie_nvd - Published: 2023-11-28 04:15 - Updated: 2024-11-21 08:32

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca	Patch
security-advisories@github.com	https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1	Patch
security-advisories@github.com	https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a	Patch
security-advisories@github.com	https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547	Third Party Advisory

Impacted products

	Vendor	Product	Version
	knative	serving	*
	knative	serving	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83BBBFD-C622-41D7-BE6A-D7BA52B6B2D2",
              "versionEndExcluding": "1.10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3672D2F9-C70C-4FC1-8992-B8EB42F755BB",
              "versionEndExcluding": "1.11.3",
              "versionStartIncluding": "1.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0."
    },
    {
      "lang": "es",
      "value": "Knative Serving se basa en Kubernetes para admitir la implementaci\u00f3n y el servicio de aplicaciones y funciones como contenedores sin servidor. Un atacante que controla un pod hasta un punto en el que pueda controlar las respuestas desde el endpoint /metrics puede provocar una Denegaci\u00f3n de Servicio del escalador autom\u00e1tico debido a un error de asignaci\u00f3n de memoria independiente. Esta es una vulnerabilidad DoS, donde un usuario de Knative sin privilegios puede provocar un DoS para el cl\u00faster. Este problema se solucion\u00f3 en la versi\u00f3n 0.39.0."
    }
  ],
  "id": "CVE-2023-48713",
  "lastModified": "2024-11-21T08:32:18.947",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-28T04:15:07.820",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2023-48713

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-48713

Aliases

CVE-2023-48713

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-48713",
    "id": "GSD-2023-48713"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-48713"
      ],
      "details": "Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.",
      "id": "GSD-2023-48713",
      "modified": "2023-12-13T01:20:39.263094Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-48713",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "serving",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 0.39.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "knative"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-400",
                "lang": "eng",
                "value": "CWE-400: Uncontrolled Resource Consumption"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547",
            "refsource": "MISC",
            "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"
          },
          {
            "name": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca",
            "refsource": "MISC",
            "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"
          },
          {
            "name": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1",
            "refsource": "MISC",
            "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"
          },
          {
            "name": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a",
            "refsource": "MISC",
            "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-qmvj-4qr9-v547",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.11.3",
                "versionStartIncluding": "1.11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:knative:serving:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.10.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-48713"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547",
              "refsource": "",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547"
            },
            {
              "name": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca",
              "refsource": "",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca"
            },
            {
              "name": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1",
              "refsource": "",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1"
            },
            {
              "name": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a",
              "refsource": "",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-12-01T21:53Z",
      "publishedDate": "2023-11-28T04:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-48713 (GCVE-0-2023-48713)

GHSA-QMVJ-4QR9-V547

Summary

Impact

Mitigation

Credits

BDU:2023-08365

FKIE_CVE-2023-48713

GSD-2023-48713

Tags

Sightings

Nomenclature