CVE-2024-25132

EPSS 0.13%
Veröffentlicht 19.03.2025 17:57:14
Zuletzt bearbeitet 19.03.2025 18:15:20
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the spec.hibernateAfter value. If a ClusterSync.hiveinternal.openshift.io/v1alpha1 resource is also created, the hive hibernation controller will enter the reconciliation loop leading to a panic when accessing a non-existing field in the ClusterDeployment’s status section, resulting in a denial of service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/openshift/hive

≫

Paket hive

Default Statusunaffected

Version < 126c7eb43aa55a008b8f0cf594e7bd18086841eb

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.334

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://access.redhat.com/security/cve/CVE-2024-25132

https://bugzilla.redhat.com/show_bug.cgi?id=2260371

https://nvd.nist.gov/vuln/detail/CVE-2024-25132

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25132

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25132

EUVD