Lucene search

[email protected]CVE-2019-11254

HistoryApr 01, 2020 - 9:15 p.m.

CVE-2019-11254

2020-04-0121:15:13

CWE-1050

[email protected]

web.nvd.nist.gov

119

kubernetes

api server

cpu consumption

cve-2019-11254

nvd

security issue

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

Affected configurations

NVD

Node

kuberneteskubernetesRange<1.15.10

kuberneteskubernetesRange1.16.0–1.16.7

kuberneteskubernetesRange1.17.0–1.17.3

CPENameOperatorVersion
kubernetes:kuberneteskuberneteslt1.15.10
kubernetes:kuberneteskuberneteslt1.16.7
kubernetes:kuberneteskuberneteslt1.17.3

CPE	Name	Operator	Version
kubernetes:kubernetes	kubernetes	lt	1.15.10
kubernetes:kubernetes	kubernetes	lt	1.16.7
kubernetes:kubernetes	kubernetes	lt	1.17.3

CNA Affected

[
  {
    "product": "Kubernetes",
    "vendor": "Kubernetes",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 1.15.10"
      },
      {
        "status": "affected",
        "version": "prior to 1.16.7"
      },
      {
        "status": "affected",
        "version": "prior to 1.17.3"
      },
      {
        "status": "affected",
        "version": "1.1"
      },
      {
        "status": "affected",
        "version": "1.2"
      },
      {
        "status": "affected",
        "version": "1.3"
      },
      {
        "status": "affected",
        "version": "1.4"
      },
      {
        "status": "affected",
        "version": "1.5"
      },
      {
        "status": "affected",
        "version": "1.6"
      },
      {
        "status": "affected",
        "version": "1.7"
      },
      {
        "status": "affected",
        "version": "1.8"
      },
      {
        "status": "affected",
        "version": "1.9"
      },
      {
        "status": "affected",
        "version": "1.10"
      },
      {
        "status": "affected",
        "version": "1.11"
      },
      {
        "status": "affected",
        "version": "1.12"
      },
      {
        "status": "affected",
        "version": "1.13"
      },
      {
        "status": "affected",
        "version": "1.14"
      }
    ]
  }
]