A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability.
Metrics
Affected Vendors & Products
References
History
Wed, 02 Apr 2025 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Mon, 31 Mar 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 31 Mar 2025 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability. | |
Title | Ols: unauthenticated metrics flooding in openshift lightspeed service leading to resource exhaustion | |
First Time appeared |
Redhat
Redhat openshift Lightspeed |
|
Weaknesses | CWE-400 | |
CPEs | cpe:/a:redhat:openshift_lightspeed | |
Vendors & Products |
Redhat
Redhat openshift Lightspeed |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published: 2025-03-31T11:33:24.980Z
Updated: 2025-05-21T22:13:57.078Z
Reserved: 2025-03-21T05:56:36.705Z
Link: CVE-2025-2586

Updated: 2025-03-31T11:58:34.853Z

Status : Awaiting Analysis
Published: 2025-03-31T12:15:15.073
Modified: 2025-04-01T20:26:30.593
Link: CVE-2025-2586
