CVE-2022-31073

Name: CVE-2022-31073
Creator: NVD / NIST
Published: 2022-07-11T20:15:08.627+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 1.33%

Last modified Jun 17, 2026

CVE-2022-31073 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. EPSS estimates a 1.33% chance of exploitation in the next 30 days.

Description

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. It is possible for the node to be exhausted of memory. The consequence of the exhaustion is that other services on the node, e.g. other containers, will be unable to allocate memory and thus causing a denial of service. Malicious apps accidentally pulled by users on the host and have the access to send HTTP requests to localhost may make an attack. It will be affected only when users enable the `ServiceBus` module in the config file `edgecore.yaml`. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. As a workaround, disable the `ServiceBus` module in the config file `edgecore.yaml`.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

1.33%

67.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

Affected Software

Vendor	Product	Versions
Linuxfoundation	Kubeedge	< 1.9.4
Linuxfoundation	Kubeedge	>= 1.10.0, < 1.10.2
Linuxfoundation	Kubeedge	>= 1.11.0, < 1.11.1

References

https://github.com/kubeedge/kubeedge/pull/4038Issue Tracking, Patch, Third Party Advisory
https://github.com/kubeedge/kubeedge/pull/4039Issue Tracking, Patch, Third Party Advisory
https://github.com/kubeedge/kubeedge/pull/4042Issue Tracking, Patch, Third Party Advisory
https://github.com/kubeedge/kubeedge/security/advisories/GHSA-vwm6-qc77-v2rhExploit, Third Party Advisory
https://github.com/kubeedge/kubeedge/pull/4038Issue Tracking, Patch, Third Party Advisory
https://github.com/kubeedge/kubeedge/pull/4039Issue Tracking, Patch, Third Party Advisory
https://github.com/kubeedge/kubeedge/pull/4042Issue Tracking, Patch, Third Party Advisory
https://github.com/kubeedge/kubeedge/security/advisories/GHSA-vwm6-qc77-v2rhExploit, Third Party Advisory

Timeline

Published: Jul 11, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-31073?

How severe is CVE-2022-31073?

CVE-2022-31073 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.33% probability of exploitation in the next 30 days.

How do I fix CVE-2022-31073?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-31073?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST