
CVE-2019-11253

Published: 17/10/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 448
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.

Vulnerable Product

kubernetes kubernetes

redhat openshift container platform 3.9

redhat openshift container platform 3.11

redhat openshift container platform 3.10

Vendor Advisories

Synopsis: Important: Red Hat OpenShift Service Mesh 1.1 servicemesh-operator security update. Type/Severity: Security Advisory: Important. Topic: An update for servicemesh-operator is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Import ...
Synopsis: Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-cni security update. Type/Severity: Security Advisory: Important. Topic: An update for servicemesh-cni is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis: Important: OpenShift Container Platform 3.11 atomic-openshift security update. Type/Severity: Security Advisory: Important. Topic: An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of I ...
Synopsis: Important: Red Hat OpenShift Service Mesh servicemesh-cni security update. Type/Severity: Security Advisory: Important. Topic: An update for servicemesh-cni is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis: Important: OpenShift Container Platform 4.1.20 openshift security update. Type/Severity: Security Advisory: Important. Topic: An update for openshift is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis: Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus security update. Type/Severity: Security Advisory: Important. Topic: An update for servicemesh-prometheus is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Im ...
Synopsis: Important: OpenShift Container Platform 3.10 atomic-openshift security update. Type/Severity: Security Advisory: Important. Topic: An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-grafana security update. Type/Severity: Security Advisory: Important. Topic: An update for servicemesh-grafana is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Importan ...
Synopsis: Moderate: Release of containers for OSP 16.2.z director operator tech preview. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenStack Platform 16.2 (Train) director Operator containers are available for technology preview. Description: Release osp-director-operator images. Security Fix(es): golang: kubernetes: YAML parsing v ...
Synopsis: Important: OpenShift Container Platform 3.9 atomic-openshift security update. Type/Severity: Security Advisory: Important. Topic: An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Imp ...
Synopsis: Important: Red Hat OpenShift Service Mesh servicemesh-grafana security update. Type/Severity: Security Advisory: Important. Topic: An update for servicemesh-grafana is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Importan ...

Recent Articles

Kubecon 2021: A largely dry and corporate affair where the best bits involved a spot of Kubernetes-hacking roleplay
The Register • Tim Anderson • 10 May 2021

But we heard the message loud and clear – it's pretty much the standard runtime platform now

Kubecon A session on how to hack into a Kubernetes cluster was among the highlights of a Kubecon where the main events were generally bland and corporate affairs, perhaps indicative of the technology now being a de facto infrastructure standard among enterprises. Kubecon Europe took place online last week with more than 27,000 attendees, according to Chris Aniszczyk, CTO of the Cloud Native Computing Foundation (CNCF), which hosts the Kubernetes project among many others. That is a substantial i...