
CVE-2019-11253

Published: 17/10/2019 Updated: 29/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Kubernetes API Server is prone to a denial-of-service vulnerability in its handling of YAML and JSON request bodies. A user who is authorized to send requests to the API server can submit a deliberately crafted payload, such as a "billion laughs" style YAML document whose anchors and aliases expand to a very large in-memory tree; parsing it consumes excessive CPU and memory, which can leave the API server unresponsive or crash it.

The following products are affected:
Kubernetes 1.0.0 up to and including 1.12.x
Kubernetes 1.13.0 up to and including 1.13.11
Kubernetes 1.14.0 up to and including 1.14.7
Kubernetes 1.15.0 up to and including 1.15.4
Kubernetes 1.16.0 up to and including 1.16.1

The fix ships in Kubernetes 1.13.12, 1.14.8, 1.15.5 and 1.16.2. Note that the default RBAC policy of clusters created before v1.14.0 (and retained by clusters upgraded from such versions) bound the system:unauthenticated group to roles that permit submitting these requests, so on those clusters the issue can be reached without credentials; removing system:unauthenticated from the system:basic-user and system:discovery ClusterRoleBindings closes that path until the cluster is upgraded.
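The expansion mechanism behind this CVE, shown as an added example that is not code from the Kubernetes project or from this advisory: a pre-parse estimator that computes how many leaves a YAML document would hold once every alias is expanded, without materialising it, plus a generator for a constructed "billion laughs" payload. It models only the flat anchored flow-sequence form such payloads use; the names, the budget value and the payload are assumptions for illustration, and the actual fix lives in the YAML library the API server uses, not in a pre-check like this.

```python
"""Pre-parse guard against YAML alias-expansion ("billion laughs") payloads.

Added example for CVE-2019-11253; not Kubernetes code. It covers only the
flat form the classic payload uses (a top-level mapping whose values are
anchored flow sequences of scalars or aliases), which is enough to show why
a few hundred bytes of YAML can expand to hundreds of millions of nodes.
"""
import re

# Matches one entry of the modelled subset:  key: &anchor [item, item, ...]
_ENTRY = re.compile(r'^\s*([\w.-]+):\s*&([\w.-]+)\s*\[(.*)\]\s*$')

# Budget for the fully expanded document (illustrative value, an assumption).
MAX_EXPANDED_NODES = 100_000


def expansion_cost(doc: str) -> int:
    """Number of scalar leaves the document holds once every alias is
    expanded, computed without building the expanded tree."""
    sizes = {}      # anchor name -> expanded leaf count
    total = 0
    for line in doc.splitlines():
        m = _ENTRY.match(line)
        if not m:
            continue    # outside the modelled subset; costs nothing here
        _key, anchor, body = m.groups()
        size = 0
        for item in (s.strip() for s in body.split(',')):
            if not item:
                continue
            if item.startswith('*'):
                ref = item[1:]
                if ref not in sizes:
                    raise ValueError(f'alias *{ref} used before its anchor')
                size += sizes[ref]      # each alias re-expands the whole anchor
            else:
                size += 1               # plain scalar
        sizes[anchor] = size
        total += size
    return total


def is_within_budget(doc: str, limit: int = MAX_EXPANDED_NODES) -> bool:
    """True if the document may be handed to a full YAML parser."""
    return expansion_cost(doc) <= limit


def billion_laughs(depth: int = 9, fanout: int = 9) -> str:
    """Constructed payload: level 0 holds `fanout` scalars, each later level
    holds `fanout` aliases to the previous level, so the last level alone
    expands to fanout**depth leaves."""
    lines = ['a0: &a0 [' + ','.join(['"lol"'] * fanout) + ']']
    for i in range(1, depth):
        lines.append(f'a{i}: &a{i} [' + ','.join([f'*a{i-1}'] * fanout) + ']')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    payload = billion_laughs()
    print(len(payload), 'bytes of YAML ->', expansion_cost(payload), 'leaves')
    print('accepted:', is_within_budget(payload))
```

With the default nine levels of nine, the payload is well under a kilobyte but expands to 435,848,049 leaves, so the budget check rejects it, while an ordinary manifest with no anchors costs nothing and passes.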

Affected Products

Vendor: Kubernetes
Product: Kubernetes
Versions: 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.3.11, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.11, 1.4.12, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.7.10, 1.7.11, 1.7.12, 1.7.13, 1.7.14, 1.7.15, 1.7.16, 1.7.17, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.8.8, 1.8.9, 1.8.10, 1.8.11, 1.8.12, 1.8.13, 1.8.14, 1.8.15, 1.8.16, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.10, 1.9.11, 1.9.12, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.10, 1.10.11, 1.10.12, 1.10.13, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.12.10, 1.13.0, 1.13.1, 1.14.0, 1.14.1, 1.14.2, 1.14.3, 1.14.4, 1.14.5, 1.14.6, 1.14.7, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.15.4, 1.16.0

Vendor Advisories

Synopsis: Important: OpenShift Container Platform 4.1.20 openshift security update. Type/Severity: Security Advisory: Important. Topic: An update for openshift is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis: Important: OpenShift Container Platform 3.11 atomic-openshift security update. Type/Severity: Security Advisory: Important. Topic: An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of I ...
Synopsis: Important: OpenShift Container Platform 3.10 atomic-openshift security update. Type/Severity: Security Advisory: Important. Topic: An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Important: OpenShift Container Platform 3.9 atomic-openshift security update. Type/Severity: Security Advisory: Important. Topic: An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Imp ...

Recent Articles

Public Bug Bounty Takes Aim at Kubernetes Container Project
Threatpost • Tara Seals • 14 Jan 2020

A public bug-bounty program for the Kubernetes container technology framework has just launched, backed by Google, HackerOne and the Cloud Native Computing Foundation (CNCF).
The Kubernetes container-orchestration system was originally built by Google for automating application deployment, scaling and management in the cloud. The culmination of 15 years of development experience, Google open-sourced the Kubernetes project in 2014. It is now maintained by the CNCF, whose community of volunt...

Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
Threatpost • Tara Seals • 17 Oct 2019

A pair of bugs in the Kubernetes open-source cloud container software can be “highly dangerous” under some Kubernetes configurations, according to researchers.
The flaws, CVE-2019-16276 and CVE-2019-11253, have been patched in Kubernetes builds 1.14.8, 1.15.5 and 1.16.2.
Exploitation of the first issue, CVE-2019-16276, is “very simple,” according to Ariel Zelivansky and Aviv Sasson at Palo Alto Networks – and could allow an attacker to bypass authentication controls to acc...