Vulnerability DatabaseCVE-2023-48713
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-48713
November 28, 2023
Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound memory allocation bug. This is a DoS vulnerability, where a non-privileged Knative user can cause a DoS for the cluster. This issue has been patched in version 0.39.0.
Affected Packages
knative.dev/serving (GO):
Affected version(s) >=v0.0.0-20190725072635-293a57187ac5 <v0.39.0
Fix Suggestion:
Update to version v0.39.0
Related ResourcesĀ (6)
https://github.com/knative/serving/commit/101f814112b9ca0767f457e7e616b46205551cf1
https://nvd.nist.gov/vuln/detail/CVE-2023-48713
https://github.com/knative/serving/security/advisories/GHSA-qmvj-4qr9-v547
https://github.com/knative/serving/commit/012ee2509231b80b7842139bfabc30516d3026ca
https://github.com/knative/serving/commit/fff40ef7bac9be8380ec3d1c70fc15b57093382a
https://github.com/knative/serving
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400
EPSS
Base Score:
0.07