Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2019-1002100

Published: 01/04/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 358
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Subscribe to Kubernetes

Vulnerability Summary

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kubernetes kubernetes

redhat openshift container platform 3.11

redhat openshift container platform 3.10

Vendor Advisories

Debian CVElist Bug Report Logs: kubernetes: CVE-2019-1002100: kube-apiserver: DoS with crafted patch of type json-patch
Debian Bug report logs - #923686 kubernetes: CVE-2019-1002100: kube-apiserver: DoS with crafted patch of type json-patch Package: src:kubernetes; Maintainer for src:kubernetes is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 3 Mar 2019 20:57:02 UTC Severity: gr ...
Red Hat: Moderate: OpenShift Container Platform 3.11 security update
Synopsis Moderate: OpenShift Container Platform 311 security update Type/Severity Security Advisory: Moderate Topic An update for atomic-openshift and jenkins-2-plugins is now available forRed Hat OpenShift Container Platform 311Red Hat Product Security has rated this update as having a security impactof ...
Red Hat: Important: OpenShift Container Platform 3.10 atomic-openshift security update
Synopsis Important: OpenShift Container Platform 310 atomic-openshift security update Type/Severity Security Advisory: Important Topic An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 310Red Hat Product Security has rated this update as having a security impact of ...
Red Hat: CVE-2019-1002100
Impact: Moderate Public Date: 2019-02-28 CWE: CWE-20 Bugzilla: 1683190: CVE-2019-1002100 kube-apiserver ...

Github Repositories

https://github.com/novemberrain-test/k8s-aws

AWS Kubernetes AWS Kubernetes is a Kubernetes cluster deployed using Kubeadm tool It provides full integration with AWS It is able to handle ELB load balancers, EBS disks, Route53 domains etc AWS Kubernetes Updates Prerequisites and dependencies Including the module Addons Custom addons Tagging Updates 332020 Update to Kubernetes 1173, update addons and Calico SD

https://github.com/saipasham/kub_test-

kubernetes test play ground

AWS Kubernetes AWS Kubernetes is a Kubernetes cluster deployed using Kubeadm tool It provides full integration with AWS It is able to handle ELB load balancers, EBS disks, Route53 domains etc AWS Kubernetes Updates Prerequisites and dependencies Including the module Addons Custom addons Tagging Updates 1742019 Update to Kubernetes 1141 3132019 Update to Kuberne

https://github.com/thirupathi-chintu/terraform-aws-minikube

terraform-aws-minikube

AWS Minikube Terraform module AWS Minikube is a single node Kubernetes deployment in AWS It creates EC2 host and deploys Kubernetes cluster using Kubeadm tool It provides full integration with AWS It is able to handle ELB load balancers, EBS disks, Route53 domains etc Updates Prerequisites and dependencies Including the module Using custom AMI Image Addons Custom addons T

https://github.com/Marquesledivan/terraform-aws-k8s

terraform-aws-k8s

AWS Kubernetes AWS Kubernetes is a Kubernetes cluster deployed using Kubeadm tool It provides full integration with AWS It is able to handle ELB load balancers, EBS disks, Route53 domains etc AWS Kubernetes Updates Prerequisites and dependencies Including the module Addons Custom addons Tagging Updates 1742019 Update to Kubernetes 1141 3132019 Update to Kuberne

https://github.com/RohtangLa/terraform-aws-kubernetes

AWS Kubernetes AWS Kubernetes is a Kubernetes cluster deployed using Kubeadm tool It provides full integration with AWS It is able to handle ELB load balancers, EBS disks, Route53 domains etc AWS Kubernetes Updates Prerequisites and dependencies Including the module Addons Custom addons Tagging Updates 24112020 Update to Kubernetes 1194 18102020 Update to Kuber

References

CWE-770https://github.com/kubernetes/kubernetes/issues/74534http://www.securityfocus.com/bid/107290https://security.netapp.com/advisory/ntap-20190416-0002/https://access.redhat.com/errata/RHSA-2019:1851https://access.redhat.com/errata/RHSA-2019:3239https://groups.google.com/forum/#%21topic/kubernetes-announce/vmUUNkYfG9ghttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923686https://nvd.nist.govhttps://github.com/saipasham/kub_test-https://access.redhat.com/security/cve/cve-2019-1002100
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook