vulnerability
Red Hat OpenShift: CVE-2019-11254: kubernetes: Denial of service in API server via crafted YAML payloads by authorized users
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | Apr 1, 2020 | Dec 29, 2020 | Apr 11, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published
Apr 1, 2020
Added
Dec 29, 2020
Modified
Apr 11, 2025
Description
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
Solution(s)
linuxrpm-upgrade-atomic-openshiftlinuxrpm-upgrade-openshift
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.