漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack
Vulnerability Description
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Google Kubernetes 输入验证错误漏洞
Vulnerability Description
Google Kubernetes是美国谷歌(Google)公司的一套开源的Docker容器集群管理系统。该系统为容器化的应用提供资源调度、部署运行、服务发现和扩容缩容等功能。API server是其中的一个API(应用编程接口)服务器。 Google Kubernetes中的API server存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。以下版本受到影响:Google Kubernetes v1.0版本至1.12版本,v1.13.12之前版本,v1.14.8之前版本,v1
CVSS Information
N/A
Vulnerability Type
N/A