CVE-2019-1002100

🗓️ 01 Apr 2019 14:14:27Reported by dwfType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 211 Views

In Kubernetes < v1.11.8, v1.12.6, v1.13.4, specially crafted patch requests cause DoS

Reporter	Title	Published	Views	Family All 49
IBM Security Bulletins	Security Bulletin: API Connect V2018 is impacted by vulnerability in the Kubernetes API server (CVE-2019-1002100)	3 Apr 201922:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	15 Apr 202502:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Kubernetes Service is affected by a Denial of Service vulnerability in Kubernetes API server	7 Mar 201909:05	–	ibm
IBM Security Bulletins	Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data - OpenSSL (CVE-2019-1543), Kubernetes (CVE-2019-1002100, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)	23 Oct 201914:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private Kubernetes	15 May 201920:55	–	ibm
BDU FSTEC	The vulnerability of the Kubernetes cluster management software, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.	19 May 202000:00	–	bdu_fstec
Cloud Foundry	CVE-2019-1002100: Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service \| Cloud Foundry	1 Apr 201900:00	–	cloudfoundry
CNVD	Google Kubernetes Denial of Service Vulnerability	6 Mar 201900:00	–	cnvd
Cvelist	CVE-2019-1002100	1 Apr 201914:14	–	cvelist
Debian CVE	CVE-2019-1002100	1 Apr 201914:14	–	debiancve

NVD

Node

kubernetes kubernetesRange<1.11.8

kubernetes kubernetesRange1.12.0–1.12.6

kubernetes kubernetesRange1.13.0–1.13.4

Node

redhat openshift_container_platformMatch3.10

redhat openshift_container_platformMatch3.11

[
  {
    "product": "Kubernetes",
    "vendor": "Kubernetes",
    "versions": [
      {
        "status": "affected",
        "version": "v1.0.x"
      },
      {
        "status": "affected",
        "version": "v1.1.x"
      },
      {
        "status": "affected",
        "version": "v1.2.x"
      },
      {
        "status": "affected",
        "version": "v1.3.x"
      },
      {
        "status": "affected",
        "version": "v1.4.x"
      },
      {
        "status": "affected",
        "version": "v1.5.x"
      },
      {
        "status": "affected",
        "version": "v1.6.x"
      },
      {
        "status": "affected",
        "version": "v1.7.x"
      },
      {
        "status": "affected",
        "version": "v1.8.x"
      },
      {
        "status": "affected",
        "version": "v1.9.x"
      },
      {
        "status": "affected",
        "version": "v1.10.x"
      },
      {
        "lessThan": "v1.11.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "v1.12.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "v1.13.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20190416-0002/
groups	www.groups.google.com/forum/
securityfocus	www.securityfocus.com/bid/107290
access	www.access.redhat.com/errata/RHSA-2019:3239
github	www.github.com/kubernetes/kubernetes/issues/74534
access	www.access.redhat.com/errata/RHSA-2019:1851

21 Nov 2024 04:17Current

6.4Medium risk

Vulners AI Score6.4

CVSS 24

CVSS 3.16.5

CVSS 36.5

EPSS0.02677

CWE-770