CVE-2023-32187

Summary

CVE-2023-32187 is a vulnerability that affects SUSE k3s, specifically versions v1.24.0 to v1.28.1+k3s1. It is categorized as an Allocation of Resources Without Limits or Throttling vulnerability, which allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) to cause a denial of service. The base severity of this vulnerability is rated as HIGH, with a base score of 7.5 out of 10. The exploitability score is 3.9 out of 10, indicating a moderate level of difficulty for exploitation. The impact score is 3.6 out of 10, suggesting a limited impact on confidentiality, integrity, and availability. Remediation for this vulnerability involves updating k3s to versions v1.24.17+k3s1, v1.25.13+k3s1, v1.26.8+k3s1, v1.27.5+k3s1, or v1.28.1+k3s1 to mitigate the risk it poses to organizations using SUSE k3s. Note: The analysis_description provided in the source is "None", so no additional information or analysis could be included in the report beyond the facts provided in the source text above.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.