CVE-2019-11254

Published: 01/04/2020 Updated: 02/10/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 357

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

The Kubernetes API Server component in versions 1.1-1.14, and versions before 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kubernetes kubernetes

Hello Kubernetes Community, A denial of service vulnerability in the Kubernetes API Server was discovered and assigned CVE-2019-11254 This vulnerability has been given an initial severity of Medium (CVSS:30/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) <wwwfirstorg/cvss/calculator/30#CVSS:30/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H> Detai ...

NVD-CWE-Other https://github.com/kubernetes/kubernetes/issues/89535 https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ https://security.netapp.com/advisory/ntap-20200413-0003/https://nvd.nist.gov http://seclists.org/oss-sec/2020/q2/2

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-11254

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect