CVE-2020-1750

Published: Jun 7, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. An attacker could use this flaw to deny access to schedule new pods in the OpenShift cluster. This was fixed in openshift/machine-config-operator 4.4.3, openshift/machine-config-operator 4.3.25, openshift/machine-config-operator 4.2.36.

Affected (3)

Products: Redhat: Machine Config Operator

1 product

Machine Config Operator

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Machine Config Operator	From 4.2.0 to 4.2.36
Redhat Machine Config Operator	From 4.3.0 to 4.3.25
Redhat Machine Config Operator	From 4.4.0 to 4.4.3

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1808130

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1808130

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.