CVE-2023-32186

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service.
This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.

Una vulnerabilidad de Asignación de Recursos sin Límites o Throttling en SUSE RKE2 permite a los atacantes con acceso al puerto apiserver/supervisor de servidores K3s (TCP 6443) causar denegación de servicio. Este problema afecta a RKE2: desde la versión 1.24.0 antes de 1.24.17+rke2r1, desde la versión v1.25.0 antes de v1.25.13+rke2r1, desde la versión v1.26.0 antes de v1.26.8+rke2r1, desde la versión v1.27.0 antes de v1.27.5+rke2r1, desde la versión v1.28.0 antes de v1.28.1+rke2r1.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-05-04 CVE Reserved
2023-09-19 CVE Published
2024-09-25 CVE Updated
2024-10-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-770: Allocation of Resources Without Limits or Throttling

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32186	2023-09-22
https://github.com/rancher/rke2/security/advisories/GHSA-p45j-vfv5-wprq	2023-09-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Suse Search vendor "Suse"		Rancher Rke2 Search vendor "Suse" for product "Rancher Rke2"				>= 1.24.0\+rke2r1 < 1.24.17\+rke2r1 Search vendor "Suse" for product "Rancher Rke2" and version " >= 1.24.0\+rke2r1 < 1.24.17\+rke2r1"		-		Affected
Suse Search vendor "Suse"		Rancher Rke2 Search vendor "Suse" for product "Rancher Rke2"				>= 1.25.0\+rke2r1 < 1.25.13\+rke2r1 Search vendor "Suse" for product "Rancher Rke2" and version " >= 1.25.0\+rke2r1 < 1.25.13\+rke2r1"		-		Affected
Suse Search vendor "Suse"		Rancher Rke2 Search vendor "Suse" for product "Rancher Rke2"				>= 1.26.0\+rke2r1 < 1.26.8\+rke2r1 Search vendor "Suse" for product "Rancher Rke2" and version " >= 1.26.0\+rke2r1 < 1.26.8\+rke2r1"		-		Affected
Suse Search vendor "Suse"		Rancher Rke2 Search vendor "Suse" for product "Rancher Rke2"				>= 1.27.1\+rke2r1 < 1.27.5\+rke2r1 Search vendor "Suse" for product "Rancher Rke2" and version " >= 1.27.1\+rke2r1 < 1.27.5\+rke2r1"		-		Affected
Suse Search vendor "Suse"		Rancher Rke2 Search vendor "Suse" for product "Rancher Rke2"				1.28.1\+rke2r1 Search vendor "Suse" for product "Rancher Rke2" and version "1.28.1\+rke2r1"		rc1		Affected
Suse Search vendor "Suse"		Rancher Rke2 Search vendor "Suse" for product "Rancher Rke2"				1.28.1\+rke2r1 Search vendor "Suse" for product "Rancher Rke2" and version "1.28.1\+rke2r1"		rc2		Affected