CVE-2019-11254 is a denial of service vulnerability in the kube-apiserver that allows authorized users to send malicious YAML payloads which cause kube-apiserver to consume excessive CPU cycles while parsing YAML.
The issue was discovered via the fuzz test #83750.
Affected components:
Kubernetes API server
Affected versions:
<= v1.15.9, resolved in 1.15.10 by #87640
v1.16.0-v1.16.7, resolved in 1.16.8 by #87639
v1.17.0-v1.17.2, resolved in 1.17.3 by #87637
Fixed in master by #87467
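To check a cluster against the ranges above, the following added example (not part of the original advisory or the Kubernetes project's code) classifies a kube-apiserver version string and names the release that resolves it. The function name Assess and the sample inputs are hypothetical, and it assumes that every release line after 1.17 carries the master fix.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// First patched release of each affected minor line, as listed in the advisory.
var firstFixedPatch = map[int]int{15: 10, 16: 8, 17: 3}

// Accepts "v1.16.4", "1.16.4" and suffixed builds such as "v1.16.4-vendor.1".
var versionRE = regexp.MustCompile(`^v?(\d+)\.(\d+)\.(\d+)`)

// Assess (hypothetical helper) reports whether a kube-apiserver version is in
// the advisory's affected ranges and, for 1.17 and older, the resolving release.
// Suffixes are ignored: pre-release and vendor builds need their own check.
func Assess(version string) (affected bool, fixedIn string, err error) {
	m := versionRE.FindStringSubmatch(version)
	if m == nil {
		return false, "", fmt.Errorf("unrecognized version %q", version)
	}
	var n [3]int
	for i := range n {
		if n[i], err = strconv.Atoi(m[i+1]); err != nil {
			return false, "", err
		}
	}
	major, minor, patch := n[0], n[1], n[2]
	switch {
	case major > 1 || (major == 1 && minor > 17):
		return false, "", nil // assumption: later lines include the master fix
	case major < 1 || minor < 15:
		return true, "1.15.10", nil // "<= v1.15.9": move to a patched line
	}
	fix := firstFixedPatch[minor]
	return patch < fix, fmt.Sprintf("1.%d.%d", minor, fix), nil
}

func main() {
	// Constructed sample inputs, e.g. the server gitVersion from `kubectl version`.
	for _, v := range []string{"v1.15.9", "v1.16.8", "1.17.2", "v1.14.10", "v1.18.0"} {
		affected, fixedIn, err := Assess(v)
		fmt.Println(v, affected, fixedIn, err)
	}
}
```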
How do I mitigate this vulnerability?
Prior to upgrading, this vulnerability can be mitigated by preventing unauthenticated or unauthorized access to kube-apiserver.