This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SUSE | RKE2 | unaffected |
|
Configuration 1 [-]
|
No data.
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-2553 | A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1. |
 Github GHSA |
GHSA-p45j-vfv5-wprq | RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack |
Wed, 25 Sep 2024 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Suse rke2
|
|
| CPEs | cpe:2.3:a:suse:rke2:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Suse rke2
|
|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: suse
Published:
Updated: 2024-09-25T14:50:27.689Z
Reserved: 2023-05-04T08:30:59.321Z
Link: CVE-2023-32186
Vulnrichment
Updated: 2024-08-02T15:10:24.595Z
NVD
Status : Modified
Published: 2023-09-19T10:15:13.357
Modified: 2024-11-21T08:02:52.080
Link: CVE-2023-32186
Redhat
No data.
OpenCVE Enrichment
No data.