CVE-2019-11254

🗓️ 01 Apr 2020 20:30:15Reported by kubernetesType

The Kubernetes API Server allows an authorized user to cause excessive CPU consumption by sending malicious YAML payloads

Reporter	Title	Published	Views	Family All 79
IBM Security Bulletins	Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes.	14 Feb 202321:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes.	14 Feb 202321:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	8 Jun 202321:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and link following via Go-Yaml, kube-apiserver, Golang Go and Beego	29 Aug 202321:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-2019-11254)	18 Aug 202022:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak	18 Oct 202316:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server	1 Apr 202121:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data	29 Jun 202217:05	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Secuity issues fixed for NPS softlayer provisioner.	11 Dec 202007:10	–	ibm
IBM Security Bulletins	Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2019-11254)	21 Jul 202019:34	–	ibm

NVD

Node

kubernetes kubernetesRange<1.15.10

kubernetes kubernetesRange1.16.0–1.16.7

kubernetes kubernetesRange1.17.0–1.17.3

[
  {
    "product": "Kubernetes",
    "vendor": "Kubernetes",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 1.15.10"
      },
      {
        "status": "affected",
        "version": "prior to 1.16.7"
      },
      {
        "status": "affected",
        "version": "prior to 1.17.3"
      },
      {
        "status": "affected",
        "version": "1.1"
      },
      {
        "status": "affected",
        "version": "1.2"
      },
      {
        "status": "affected",
        "version": "1.3"
      },
      {
        "status": "affected",
        "version": "1.4"
      },
      {
        "status": "affected",
        "version": "1.5"
      },
      {
        "status": "affected",
        "version": "1.6"
      },
      {
        "status": "affected",
        "version": "1.7"
      },
      {
        "status": "affected",
        "version": "1.8"
      },
      {
        "status": "affected",
        "version": "1.9"
      },
      {
        "status": "affected",
        "version": "1.10"
      },
      {
        "status": "affected",
        "version": "1.11"
      },
      {
        "status": "affected",
        "version": "1.12"
      },
      {
        "status": "affected",
        "version": "1.13"
      },
      {
        "status": "affected",
        "version": "1.14"
      }
    ]
  }
]

Source	Link
github	www.github.com/kubernetes/kubernetes/issues/89535
groups	www.groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
security	www.security.netapp.com/advisory/ntap-20200413-0003/

21 Nov 2024 04:20Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24

CVSS 3.16.5

EPSS0.00121

CWE-1050