CVE-2019-1002100

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-1002100

Severity

6.5

Medium

CVSS V3

Description

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. kubectl patch --type json or "Content-Type: application/json-patch+json") that consumes excessive resources while processing, causing a Denial of Service on the API Server.

References

https://images.chainguard.dev/security/CGA-w892-3j99-vg54
https://github.com/advisories/GHSA-q4rr-64r9-fwgf
http://www.securityfocus.com/bid/107290
https://access.redhat.com/errata/RHSA-2019:1851
https://access.redhat.com/errata/RHSA-2019:3239
https://github.com/kubernetes/kubernetes/issues/74534
https://security.netapp.com/advisory/ntap-20190416-0002/
https://groups.google.com/forum/#%21topic/kubernetes-announce/vmUUNkYfG9g

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2019-1002100

Severity

Description

References

Affected packages

Product

Solutions

Customers

Resources

Company