apk package

chainguard/vault-k8s-fips

pkg:apk/chainguard/vault-k8s-fips

Vulnerabilities (63)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2023-39325		—		< 1.3.1-r0	1.3.1-r0	Oct 11, 2023	A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack
CVE-2023-44487	Hig	7.5	KEV	< 1.3.1-r0	1.3.1-r0	Oct 10, 2023	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2020-8559		—		< 1.4.2-r8	1.4.2-r8	Jul 22, 2020	The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

CVE-2023-39325Oct 11, 2023
affected < 1.3.1-r0fixed 1.3.1-r0
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack
CVE-2023-44487HigKEVOct 10, 2023
affected < 1.3.1-r0fixed 1.3.1-r0
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2020-8559Jul 22, 2020
affected < 1.4.2-r8fixed 1.4.2-r8
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Page 4 of 4