CVE-2019-11254: kube-apiserver Denial of Service vulnerability from malicious YAML payloads #89535
Labels: kind/bug, needs-sig, official-cve-feed
CVE-2019-11254 is a denial of service vulnerability in the kube-apiserver: an authorized user who sends a malicious YAML payload can cause kube-apiserver to consume excessive CPU cycles while parsing the YAML.
The issue was discovered via the fuzz test #83750.
Affected components:
Kubernetes API server
Affected versions:
<= v1.15.9, resolved in 1.15.10 by #87640
v1.16.0-v1.16.7, resolved in 1.16.8 by #87639
v1.17.0-v1.17.2, resolved in 1.17.3 by #87637
Fixed in master by #87467
How do I mitigate this vulnerability?
Prior to upgrading, this vulnerability can be mitigated by preventing unauthenticated or unauthorized access to kube-apiserver.
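As an added example (not code from the Kubernetes project or this issue), the version ranges above encoded as a small check a cluster operator can run against the output of `kubectl version` to decide whether an upgrade is still pending; the `Affected` function name, the handling of build suffixes such as `-gke.1`, and the sample version strings are assumptions made here:

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Affected ranges as listed in the advisory: the last vulnerable patch of each
// minor and the release that resolves it. Minors below 1.15 fall under
// "<= v1.15.9" and have no patched release of their own.
var fixes = []struct {
	minor, lastBad int
	fixed          string
}{
	{15, 9, "v1.15.10"},
	{16, 7, "v1.16.8"},
	{17, 2, "v1.17.3"},
}

// parseVersion turns "v1.16.3" or "1.16.3-gke.1" into (major, minor, patch).
// Pre-release and build suffixes are dropped, which is the conservative choice.
func parseVersion(v string) (int, int, int, error) {
	v = strings.TrimPrefix(strings.TrimSpace(v), "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return 0, 0, 0, fmt.Errorf("unrecognised version %q", v)
	}
	var n [3]int
	for i, p := range parts {
		x, err := strconv.Atoi(p)
		if err != nil {
			return 0, 0, 0, fmt.Errorf("unrecognised version %q", v)
		}
		n[i] = x
	}
	return n[0], n[1], n[2], nil
}

// Affected reports whether a kube-apiserver version is vulnerable to
// CVE-2019-11254 and, if so, the first release of its minor that fixes it.
func Affected(v string) (bool, string, error) {
	maj, min, patch, err := parseVersion(v)
	if err != nil {
		return false, "", err
	}
	if maj != 1 {
		return false, "", nil
	}
	if min < 15 { // covered by "<= v1.15.9"; move to a fixed minor
		return true, "v1.15.10", nil
	}
	for _, f := range fixes {
		if min == f.minor && patch <= f.lastBad {
			return true, f.fixed, nil
		}
	}
	return false, "", nil
}

func main() {
	// Constructed sample input standing in for `kubectl version` output.
	for _, v := range []string{"v1.16.3", "v1.17.3", "1.14.2-gke.1"} {
		bad, fix, err := Affected(v)
		fmt.Println(v, bad, fix, err)
	}
}
```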