CVE-2022-31074
MEDIUM
KubeEdge < 1.9.4, 1.10.0-1.10.1, 1.11.0 - Denial of Service via Large HTTP Request Body
Title source: llm
Description
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at the edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large body is sent to it. The consequence of the resource exhaustion is a denial of service of the Cloud AdmissionController. This bug has been fixed in KubeEdge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://github.com/kubeedge/kubeedge/security/advisories/GHSA-w52j-3457-q9wr
Scores
CVSS v3
4.5
EPSS
0.0028
EPSS Percentile
51.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (2)
kubeedge/kubeedge
1.11.0 - 1.11.1
Go
linuxfoundation/kubeedge
< 1.9.4
Published
Jul 11, 2022
Tracked Since
Feb 18, 2026