← volver
CVE-2019-1002100

CVE-2019-1002100

CVSS 6.5 MEDIUMEPSS 10.5%
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 10.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
01 abr 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Productos afectados
Kubernetes · Kubernetes

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2019:1851https://access.redhat.com/errata/RHSA-2019:3239https://github.com/kubernetes/kubernetes/issues/74534https://groups.google.com/forum/#%21topic/kubernetes-announce/vmUUNkYfG9ghttps://security.netapp.com/advisory/ntap-20190416-0002/http://www.securityfocus.com/bid/107290