argo-events
Argo Events Kubernetes Admission Webhook Denial of Service
Describe the bug
Send a large, crafted request and make the webhook crash due to OOMKill.
To replicate, please deploy Argo Events with the validating admission webhook. Then, port-forward to it:
kubectl port-forward svc/events-webhook 6443:443 -n argo-events
Then, run the PoC:
https://gist.github.com/jake-ciolek/9c86868cf71423a6b4cb6ff592181f51
via:
go run .
The webhook pod will crash after reading too much data. The workaround would be to implement its server with a LimitReader.
Thank you, Jakub Ciolek
Message from the maintainers:
If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.
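The LimitReader workaround named in the report, as an added example (not code from Argo Events or from the reporter): a webhook-style handler that reads the request body through `io.LimitReader` and rejects anything over a cap instead of buffering it. The 3 MiB cap, the `/validate` path, and the names `readBounded`, `serveAdmission` and `statusFor` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxAdmissionBody is an assumed cap; size it to the largest object the webhook must validate.
const maxAdmissionBody = 3 << 20 // 3 MiB
var errBodyTooLarge = errors.New("admission request body exceeds limit")

// readBounded reads limit+1 bytes at most, so an over-long body is detected, not silently truncated.
func readBounded(r io.Reader, limit int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, errBodyTooLarge
	}
	return data, nil
}

// serveAdmission is a hypothetical handler; a real one would decode an AdmissionReview from body.
func serveAdmission(w http.ResponseWriter, r *http.Request) {
	body, err := readBounded(r.Body, maxAdmissionBody)
	if errors.Is(err, errBodyTooLarge) {
		http.Error(w, err.Error(), http.StatusRequestEntityTooLarge)
		return
	}
	if err != nil {
		http.Error(w, "cannot read request body", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "read %d bytes", len(body))
}

// statusFor posts a constructed body of n bytes to the handler and returns the HTTP status.
func statusFor(n int) int {
	rec := httptest.NewRecorder()
	serveAdmission(rec, httptest.NewRequest(http.MethodPost, "/validate", strings.NewReader(strings.Repeat("a", n))))
	return rec.Code
}

func main() { fmt.Println(statusFor(1024), statusFor(maxAdmissionBody+1)) }
```

With the cap in place the handler holds at most `maxAdmissionBody+1` bytes of a request in memory, whatever size the client sends.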