CVE-2023-32186
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-32186 is a vulnerability classified as Allocation of Resources Without Limits or Throttling in SUSE RKE2. Attackers who have access to the K3s server's apiserver/supervisor port (TCP 6443) can exploit this vulnerability to cause a denial of service. The affected versions of RKE2 range from 1.24.0 to 1.28.1+rke2r1. To remediate this vulnerability, users should update their RKE2 installations to version 1.24.17+rke2r1, 1.25.13+rke2r1, 1.26.8+rke2r1, 1.27.5+rke2r1, or 1.28.1+rke2r1, depending on the version in use. The vulnerability poses a high risk to organizations because it can disrupt services and cause loss of availability on affected systems.