CVE-2019-11254: kube-apiserver Denial of Service vulnerability from malicious YAML payloads

CVE-2019-11254 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML payloads to cause kube-apiserver to consume excessive CPU cycles while parsing YAML.
 
The issue was discovered via the fuzz test kubernetes/kubernetes#83750.
 
**Affected components:**
Kubernetes API server
 
**Affected versions:**
<= v1.15.9, resolved in 1.15.10 by https://github.com/kubernetes/kubernetes/pull/87640
v1.16.0-v1.16.7, resolved in 1.16.8 by https://github.com/kubernetes/kubernetes/pull/87639
v1.17.0-v1.17.2, resolved in 1.17.3 by https://github.com/kubernetes/kubernetes/pull/87637
Fixed in master by https://github.com/kubernetes/kubernetes/pull/87467
 
**How do I mitigate this vulnerability?**
Prior to upgrading, these vulnerabilities can be mitigated by preventing unauthenticated or unauthorized access to kube-apiserver.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2019-11254: kube-apiserver Denial of Service vulnerability from malicious YAML payloads #89535

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2019-11254: kube-apiserver Denial of Service vulnerability from malicious YAML payloads #89535

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions