CVE Vulnerabilities

CVE-2022-21698

Uncontrolled Resource Consumption

Published: Feb 15, 2022 | Modified: Nov 21, 2024
CVSS 3.x: 7.5 HIGH (Source: NVD), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x: 5 MEDIUM, AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3: 7.5 MODERATE, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu: MEDIUM

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods.

In order to be affected, an instrumented software must:

  • use any of the promhttp.InstrumentHandler* middleware except RequestsInFlight;
  • not filter any specific methods (e.g. GET) before the middleware;
  • pass a metric with the method label name to the middleware; and
  • not have any firewall/LB/proxy that filters away requests with an unknown method.

client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available:

  • removing the method label name from the counter/gauge used in the InstrumentHandler;
  • turning off the affected promhttp handlers;
  • adding custom middleware before the promhttp handler that will sanitize the request method given by Go http.Request; and
  • using a reverse proxy or web application firewall, configured to only allow a limited set of methods.
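The custom-middleware workaround described above, as an added example (not code from client_golang or from this advisory). It uses only the Go standard library: `labelCounter` is a hypothetical stand-in for a promhttp-instrumented counter with a method label, and the allow-list, the "unknown" value and the `BOGUSn` method names are assumptions constructed for the demonstration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// allowed is the bounded set of values the "method" label may take.
var allowed = map[string]bool{
	http.MethodGet: true, http.MethodHead: true, http.MethodPost: true,
	http.MethodPut: true, http.MethodPatch: true, http.MethodDelete: true,
	http.MethodConnect: true, http.MethodOptions: true, http.MethodTrace: true,
}

// SanitizeMethod collapses every method outside the allow-list into one value.
func SanitizeMethod(m string) string {
	if allowed[m] {
		return m
	}
	return "unknown"
}

// SanitizeMiddleware must wrap the instrumented handler so it runs first.
// Handlers behind it see the rewritten method on a shallow request copy.
func SanitizeMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if m := SanitizeMethod(r.Method); m != r.Method {
			r = r.WithContext(r.Context()) // shallow copy; caller's request is untouched
			r.Method = m
		}
		next.ServeHTTP(w, r)
	})
}

// labelCounter is a hypothetical stand-in for a counter with a "method" label:
// one map entry per distinct label value, like one time series per value.
type labelCounter struct {
	mu     sync.Mutex
	series map[string]int
}

func (c *labelCounter) instrument(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c.mu.Lock()
		c.series[r.Method]++
		c.mu.Unlock()
		next.ServeHTTP(w, r)
	})
}

// SeriesAfter sends one GET plus n constructed requests with distinct
// non-standard methods and returns how many label values were stored.
func SeriesAfter(n int, sanitize bool) int {
	c := &labelCounter{series: map[string]int{}}
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {})
	var h http.Handler = c.instrument(ok)
	if sanitize {
		h = SanitizeMiddleware(h)
	}
	h.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest(http.MethodGet, "/", nil))
	for i := 0; i < n; i++ {
		req := httptest.NewRequest(fmt.Sprintf("BOGUS%d", i), "/", nil)
		h.ServeHTTP(httptest.NewRecorder(), req)
	}
	return len(c.series)
}

func main() {
	fmt.Println("series without sanitizing:", SeriesAfter(1000, false))
	fmt.Println("series with sanitizing:   ", SeriesAfter(1000, true))
}
```

Without the middleware the stored label values grow with every distinct method name received; with it they stay bounded by the allow-list plus one.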

Weakness

The product does not properly control the allocation and maintenance of a limited resource.

Affected Software

Name Vendor Start Version End Version
Client_golang Prometheus * 1.11.1 (excluding)
Logging subsystem for Red Hat OpenShift 5.4 RedHat openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-163 *
Logging subsystem for Red Hat OpenShift 5.4 RedHat openshift-logging/elasticsearch-rhel8-operator:v5.4.1-4 *
OADP-1.0-RHEL-8 RedHat oadp/oadp-registry-rhel8:1.0.4-6 *
OADP-1.0-RHEL-8 RedHat oadp/oadp-mustgather-rhel8:1.0.5-20 *
OADP-1.0-RHEL-8 RedHat oadp/oadp-rhel8-operator:1.0.5-16 *
OADP-1.1-RHEL-8 RedHat oadp/oadp-velero-plugin-rhel8:1.1.0-20 *
OADP-1.1-RHEL-8 RedHat oadp/oadp-velero-rhel8:1.1.6-7 *
OpenShift Logging 5.2 RedHat openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-168 *
OpenShift Logging 5.2 RedHat openshift-logging/elasticsearch-rhel8-operator:v5.2.10-5 *
OpenShift Logging 5.3 RedHat openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-171 *
OpenShift Logging 5.3 RedHat openshift-logging/elasticsearch-rhel8-operator:v5.3.7-5 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/client-kn-rhel8:1.3.1-4 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-controller-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-mtping-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-storage-version-migration-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-sugar-controller-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/eventing-webhook-rhel8:1.3.2-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/ingress-rhel8-operator:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/knative-rhel8-operator:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/kn-cli-artifacts-rhel8:1.3.1-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/kourier-control-rhel8:1.3.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/net-istio-controller-rhel8:1.3.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/net-istio-webhook-rhel8:1.3.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serverless-operator-bundle:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serverless-rhel8-operator:1.24.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-activator-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-autoscaler-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-controller-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-domain-mapping-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-queue-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-storage-version-migration-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/serving-webhook-rhel8:1.3.0-3 *
Openshift Serveless 1.24 RedHat openshift-serverless-1/svls-must-gather-rhel8:1.24.0-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-controller-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-receiver-rhel8:1.3.2-2 *
Openshift Serveless 1.24 RedHat openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8:1.3.2-2 *
Openshift Serverless 1 on RHEL 8 RedHat openshift-serverless-clients-0:1.3.1-4.el8 *
Red Hat Enterprise Linux 8 RedHat container-tools:rhel8-8060020220401155929.2e213529 *
Red Hat Enterprise Linux 8 RedHat grafana-0:7.5.15-3.el8 *
Red Hat Enterprise Linux 8 RedHat container-tools:3.0-8070020220802115906.39077419 *
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support RedHat container-tools:3.0-8040020240104111259.c0c392d5 *
Red Hat Enterprise Linux 8.4 Telecommunications Update Service RedHat container-tools:3.0-8040020240104111259.c0c392d5 *
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions RedHat container-tools:3.0-8040020240104111259.c0c392d5 *
Red Hat Enterprise Linux 9 RedHat grafana-0:7.5.15-3.el9 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7 *
Red Hat OpenShift Container Platform 4.10 RedHat openshift4/kubernetes-nmstate-rhel8-operator:v4.10.0-202207291908.p0.g5f0b20d.assembly.stream *
Red Hat OpenShift Container Platform 4.10 RedHat openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.10.0-202207291908.p0.g5f0b20d.assembly.stream *
Red Hat OpenShift Container Platform 4.10 RedHat openshift4/ose-openstack-machine-controllers:v4.10.0-202204090935.p0.g12df76b.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat buildah-1:1.23.4-2.el8 *
Red Hat OpenShift Container Platform 4.11 RedHat openshift-clients-0:4.11.0-202207291716.p0.g7075089.assembly.stream.el8 *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8:v4.11.0-202208020235.p0.gf70a51b.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-alibaba-machine-controllers-rhel8:v4.11.0-202208020235.p0.g4145108.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g2c7529e.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-aws-pod-identity-webhook-rhel8:v4.11.0-202208020235.p0.ga085f1c.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-azure-disk-csi-driver-rhel8:v4.11.0-202208020235.p0.g0fe424e.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-azure-disk-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gc4197c3.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-azure-file-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gcbe7044.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-azure-file-csi-driver-rhel8:v4.11.0-202208020235.p0.g67c3831.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cloud-credential-operator:v4.11.0-202208020235.p0.g9a40d74.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-autoscaler-operator:v4.11.0-202208020706.p0.gfcffbcd.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-capi-operator-container-rhel8:v4.11.0-202208020235.p0.g1a88f55.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-capi-rhel8-operator:v4.11.0-202208020235.p0.g1a88f55.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-cloud-controller-manager-operator-rhel8:v4.11.0-202208020235.p0.gc2f2cbf.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator:v4.11.0-202208020706.p0.g8d0774f.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-etcd-rhel8-operator:v4.11.0-202208020235.p0.gbcae2f3.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-image-registry-operator:v4.11.0-202208020235.p0.g4d66ea3.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-kube-controller-manager-operator:v4.11.0-202208020235.p0.ga6cb428.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-kube-scheduler-operator:v4.11.0-202208020235.p0.gb8fed26.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-monitoring-operator:v4.11.0-202208020235.p0.gfcc377d.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-network-operator:v4.11.0-202208020235.p0.g3528a6b.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-node-tuning-operator:v4.11.0-202208020235.p0.ga7921b7.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-openshift-controller-manager-operator:v4.11.0-202208020235.p0.g0315835.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-policy-controller-rhel8:v4.11.0-202208020235.p0.gc7201ed.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-samples-operator:v4.11.0-202208020235.p0.g375a4a9.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cluster-storage-operator:v4.11.0-202208020235.p0.gce8a6de.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-configmap-reloader:v4.11.0-202208020235.p0.gb7c03bb.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-console:v4.11.0-202208021257.p0.ge0d49a2.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202208020235.p0.g12cb253.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-csi-driver-nfs-rhel8:v4.11.0-202208020235.p0.gf144bb4.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-csi-driver-shared-resource-operator-rhel8:v4.11.0-202208020706.p0.gd3985eb.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-csi-driver-shared-resource-rhel8:v4.11.0-202208020235.p0.g3f69f2f.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-csi-external-provisioner:v4.11.0-202208020235.p0.g86277ec.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-csi-external-provisioner-rhel8:v4.11.0-202208020235.p0.g86277ec.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-csi-external-resizer:v4.11.0-202208020235.p0.g2cea576.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-csi-external-resizer-rhel8:v4.11.0-202208020235.p0.g2cea576.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-csi-snapshot-controller:v4.11.0-202208020235.p0.g0afdf73.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-csi-snapshot-controller-rhel8:v4.11.0-202208020235.p0.g0afdf73.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-docker-builder:v4.11.0-202208020235.p0.gb500d85.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-docker-registry:v4.11.0-202208020235.p0.g9f07f43.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-gcp-pd-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.gbc7bad4.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-haproxy-router:v4.11.0-202208020235.p0.g601ba57.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-ibmcloud-machine-controllers-rhel8:v4.11.0-202208020235.p0.g3bde969.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.ge4a2180.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-kube-state-metrics:v4.11.0-202208020235.p0.g896d000.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-machine-api-operator:v4.11.0-202208020235.p0.g4e3e83c.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-machine-config-operator:v4.11.0-202208020235.p0.ge722bb7.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-network-metrics-daemon-rhel8:v4.11.0-202208020235.p0.g9482ac9.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-openshift-controller-manager-rhel8:v4.11.0-202208020235.p0.g46157a3.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-openshift-state-metrics-rhel8:v4.11.0-202208020235.p0.g1a7a5dc.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-openstack-cinder-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.gae4c45c.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-openstack-machine-controllers:v4.11.0-202208020235.p0.g440ca42.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-operator-lifecycle-manager:v4.11.0-202208020235.p0.g8c2bd46.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-operator-marketplace:v4.11.0-202208020235.p0.g040c64e.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-prometheus:v4.11.0-202208020235.p0.gd2dfc27.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-prometheus-alertmanager:v4.11.0-202208020235.p0.g05cfc39.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-prometheus-operator:v4.11.0-202208020235.p0.gcb3afa2.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-sdn-rhel8:v4.11.0-202208020235.p0.gb76d388.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-telemeter:v4.11.0-202208020235.p0.g77b2966.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-tests:v4.11.0-202208020706.p0.gb860532.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-thanos-rhel8:v4.11.0-202208020235.p0.gf08da2d.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-vsphere-cloud-controller-manager-rhel8:v4.11.0-202208020235.p0.g6fd8e8d.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-vsphere-csi-driver-operator-rhel8:v4.11.0-202208020235.p0.g9914824.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-vsphere-problem-detector-rhel8:v4.11.0-202208020235.p0.g5910f33.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ovirt-csi-driver-rhel7:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ovirt-csi-driver-rhel8:v4.11.0-202208020235.p0.g0b3d79b.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ovirt-csi-driver-rhel8-operator:v4.11.0-202208020235.p0.g7a30e38.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/cloud-event-proxy-rhel8:v4.11.0-202208020706.p0.g642796d.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cloud-event-proxy:v4.11.0-202208020706.p0.g642796d.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-cloud-event-proxy-rhel8:v4.11.0-202208020706.p0.g642796d.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-sriov-network-webhook:v4.11.0-202209130958.p0.gb4f9fbd.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-operator-sdk-rhel8:v4.11.0-202301241446.p0.g1974dfd.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-helm-operator:v4.11.0-202302061916.p0.g1974dfd.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-baremetal-rhel8-operator:v4.11.0-202303061754.p0.g55cd252.assembly.stream *
Red Hat OpenShift Container Platform 4.11 RedHat openshift4/ose-multus-admission-controller:v4.11.0-202304192028.p0.gb876064.assembly.stream *
Red Hat OpenShift Container Platform 4.12 RedHat openshift4/ose-alibaba-cloud-controller-manager-rhel8:v4.12.0-202301042354.p0.g1959de0.assembly.stream *
Red Hat OpenShift Container Platform 4.12 RedHat openshift4/ose-aws-ebs-csi-driver-rhel8:v4.12.0-202301042354.p0.g1584117.assembly.stream *
Red Hat OpenShift Container Platform 4.12 RedHat openshift4/ose-gcp-cloud-controller-manager-rhel8:v4.12.0-202301042354.p0.g8d208a7.assembly.stream *
Red Hat OpenShift Container Platform 4.12 RedHat openshift4/ose-gcp-pd-csi-driver-rhel8:v4.12.0-202301042354.p0.g223d846.assembly.stream *
Red Hat OpenShift Container Platform 4.12 RedHat openshift4/ose-ibm-vpc-block-csi-driver-rhel8:v4.12.0-202301042354.p0.g2364e6a.assembly.stream *
Red Hat OpenShift Container Platform 4.12 RedHat openshift4-wincw/windows-machine-config-rhel8-operator:7.0.0-22 *
Red Hat OpenShift Container Platform 4.13 RedHat openshift4/ose-alibaba-cloud-csi-driver-container-rhel8:v4.13.0-202304190216.p0.g68c0ecf.assembly.stream *
Red Hat OpenShift Container Platform 4.13 RedHat openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream *
Red Hat OpenShift Container Platform 4.13 RedHat openshift4/ose-multus-admission-controller:v4.13.0-202304190216.p0.gd6d52a7.assembly.stream *
Red Hat OpenShift Container Platform 4.13 RedHat openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202304190216.p0.g6f4295b.assembly.stream *
Red Hat OpenShift Data Foundation 4.11 on RHEL8 RedHat odf4/ocs-rhel8-operator:v4.11.0-67 *
Red Hat OpenShift Data Foundation 4.11 on RHEL8 RedHat odf4/odf-lvm-rhel8-operator:v4.11.0-39 *
Red Hat OpenShift Data Foundation 4.11 on RHEL8 RedHat odf4/odf-rhel8-operator:v4.11.0-27 *
Red Hat OpenShift Dev Spaces 3 Containers RedHat devspaces/configbump-rhel8:3.15-2 *
Red Hat OpenShift Dev Spaces 3 Containers RedHat devspaces/devspaces-rhel8-operator:3.15-10 *
Red Hat OpenStack Platform 16.1 RedHat etcd-0:3.3.23-10.el8ost *
Red Hat OpenStack Platform 16.2 RedHat etcd-0:3.3.23-10.el8ost *
RHEL-7-CNV-4.10 RedHat kubevirt-0:4.10.1-489.el7 *
RHEL-8 based Middleware Containers RedHat amq7/amq-broker-rhel8-operator:7.12.0-16 *
RHEL-8 based Middleware Containers RedHat amq7/amq-broker-rhel8-operator-bundle:7.12.0-10 *
RHEL-8-CNV-4.10 RedHat kubevirt-0:4.10.1-489.el8 *
RHEL-8-CNV-4.10 RedHat container-native-virtualization/hostpath-provisioner-rhel8:v4.10.1-5 *
RHEL-8-CNV-4.10 RedHat container-native-virtualization/hostpath-provisioner-rhel8-operator:v4.10.1-6 *
RHEL-8-CNV-4.10 RedHat container-native-virtualization/hyperconverged-cluster-webhook-rhel8:v4.10.1-19 *
RHEL-8-CNV-4.10 RedHat container-native-virtualization/kubevirt-template-validator:v4.10.1-4 *
RHEL-8-CNV-4.10 RedHat container-native-virtualization/libguestfs-tools:v4.10.1-8 *
RHEL-8-CNV-4.10 RedHat container-native-virtualization/virt-cdi-cloner:v4.10.1-16 *
RHEL-8-CNV-4.10 RedHat container-native-virtualization/virt-launcher:v4.10.1-8 *
RHEL-8-CNV-4.10 RedHat container-native-virtualization/hostpath-csi-driver:v4.10.2-1 *
RHEL-8-CNV-4.10 RedHat container-native-virtualization/hostpath-csi-driver-rhel8:v4.10.2-1 *
RHEL-8-CNV-4.10 RedHat container-native-virtualization/kubernetes-nmstate-handler-rhel8:v4.10.2-3 *
RHEL-8-CNV-4.11 RedHat container-native-virtualization/cluster-network-addons-operator:v4.11.0-26 *
RHEL-8-CNV-4.11 RedHat container-native-virtualization/kubemacpool:v4.11.0-26 *
RHOL-5.5-RHEL-8 RedHat openshift-logging/cluster-logging-rhel8-operator:v5.5.0-57 *
RHOL-5.5-RHEL-8 RedHat openshift-logging/eventrouter-rhel8:v0.4.0-14 *
RHOL-5.5-RHEL-8 RedHat openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-38 *
Golang-github-prometheus-client-golang Ubuntu bionic *
Golang-github-prometheus-client-golang Ubuntu focal *
Golang-github-prometheus-client-golang Ubuntu impish *
Golang-github-prometheus-client-golang Ubuntu kinetic *
Golang-github-prometheus-client-golang Ubuntu lunar *
Golang-github-prometheus-client-golang Ubuntu mantic *
Golang-github-prometheus-client-golang Ubuntu oracular *
Golang-github-prometheus-client-golang Ubuntu trusty *
Golang-github-prometheus-client-golang Ubuntu xenial *

Potential Mitigations

  • Mitigation of resource exhaustion attacks requires that the target system either:

  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.

  • The second solution is simply difficult to effectively institute – and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
