Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests
Vulnerability Description
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. The vulnerability exists in the isSensitiveSpec function which calls grpcomni.CreateResource without checking if the resource's metadata field is nil. When a resource is created with an empty Metadata field, the CreateResource function attempts to access resource.Metadata.Version causing a segmentation fault. This vulnerability is fixed in 1.1.5 and 1.0.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
对异常条件检查或处理不恰当
Vulnerability Title
Omni 安全漏洞
Vulnerability Description
omni是Sidero Labs, Inc.开源的一个Kubernetes的部署工具。 Omni 1.1.5之前版本和1.0.2之前版本存在安全漏洞,该漏洞源于isSensitiveSpec函数未检查resource的metadata字段是否为空,可能导致空指针取消引用和拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A