4 matches found
SUSE CVE-2025-59836
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...
GO-2025-4021 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests in github.com/siderolabs/omni
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests in github.com/siderolabs/omni...
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests
Summary A nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource requests through the API endpoints. Details The vulnerability exists in the isSensitiveSpec function whic...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the isSensitiveSpec function which calls grpcomni.CreateResource without checking if the resource's metadata field is nil. An attacker can cause a server crash and disrupt service availability by sending emp...