Key vulnerability information

CVE ID: CVE-2025-2586
Description: Unauthenticated Metrics Flooding in OpenShift Lightspeed Service Leading to Resource Exhaustion
Reported: 2025-03-21 06:02 UTC
Modified: 2025-03-31 11:10 UTC
Priority: High
Severity: High
Product: Security Response
Component: vulnerability
Operating system: Linux
Status: NEW
Deadline: 2025-03-31

Vulnerability details

The OpenShift Lightspeed Service does not enforce authentication when logging metrics for API requests, including those made to non-existent endpoints. This allows unauthenticated users to send a large volume of requests to arbitrary, non-existent endpoints, causing excessive metric entries. As a result, this behavior can lead to high CPU and memory usage, degraded application performance, and potential denial of service conditions for monitoring and logging components.
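The resource growth described above can be reproduced on a defender's bench with a small model of a request-metrics recorder, and the same model shows one mitigation: mapping every unmatched path onto a single fixed label. This is an added example, not code from OpenShift Lightspeed Service. It assumes metrics are keyed by request path; the route table, class and function names are hypothetical.

```python
# Added example: hypothetical routes and a minimal in-memory counter,
# not the service's real code or route table.
from collections import Counter

# Assumed route table (constructed); a real app would derive it from its router.
KNOWN_ROUTES = {"/v1/query", "/v1/feedback", "/readiness", "/liveness"}
UNMATCHED = "__unmatched__"


def bounded_path_label(raw_path):
    """Map a request path onto a fixed label set so unknown paths share one series."""
    path = raw_path.split("?", 1)[0].rstrip("/") or "/"
    return path if path in KNOWN_ROUTES else UNMATCHED


class RequestMetrics:
    """Counts requests per (path label, status); each distinct key is one time series."""

    def __init__(self, normalize):
        self.normalize = normalize
        self.series = Counter()

    def observe(self, raw_path, status):
        label = bounded_path_label(raw_path) if self.normalize else raw_path
        self.series[(label, status)] += 1

    def series_count(self):
        return len(self.series)


def replay(metrics, requests):
    """Feed (path, status) pairs into the recorder and return the series count."""
    for path, status in requests:
        metrics.observe(path, status)
    return metrics.series_count()


# Constructed traffic: 3 legitimate calls plus 10,000 requests to distinct unknown paths.
SAMPLE = [("/v1/query", 200), ("/v1/query/", 200), ("/readiness?probe=1", 200)]
SAMPLE += [(f"/nonexistent-{i}", 404) for i in range(10_000)]

if __name__ == "__main__":
    print("raw path label:    ", replay(RequestMetrics(normalize=False), SAMPLE), "series")
    print("bounded path label:", replay(RequestMetrics(normalize=True), SAMPLE), "series")
```

With raw paths as labels, the number of stored series tracks the number of distinct paths requested; with the bounded label it stays at the size of the route table plus one.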