6.5

CVE-2019-1002100

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KubernetesKubernetes Version < 1.11.8
KubernetesKubernetes Version >= 1.12.0 < 1.12.6
KubernetesKubernetes Version >= 1.13.0 < 1.13.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.61% 0.952
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
josh@bress.net 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

http://www.securityfocus.com/bid/107290
Third Party Advisory
Broken Link
VDB Entry
https://access.redhat.com/errata/RHSA-2019:1851
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3239
Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/74534
Vendor Advisory
Issue Tracking
https://groups.google.com/forum/#%21topic/kubernetes-announce/vmUUNkYfG9g
https://security.netapp.com/advisory/ntap-20190416-0002/
Third Party Advisory