CVE-2019-1002100

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-1002100
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1002100.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-1002100
Aliases
Related
Published
2019-04-01T14:29:00Z
Modified
2025-02-14T10:40:26.473768Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. kubectl patch --type json or "Content-Type: application/json-patch+json") that consumes excessive resources while processing, causing a Denial of Service on the API Server.

References

Affected packages

Debian:11 / kubernetes

Package

Name
kubernetes
Purl
pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.17.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kubernetes

Package

Name
kubernetes
Purl
pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.17.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kubernetes/kubelet

Affected ranges

Type
GIT
Repo
https://github.com/kubernetes/kubelet
Events
Type
GIT
Repo
https://github.com/kubernetes/kubernetes
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

v0.*

v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.13.1-dev
v0.14.0
v0.14.1
v0.15.0
v0.16.0
v0.16.1
v0.16.2
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.19.2
v0.19.3
v0.2
v0.20.0
v0.20.1
v0.20.2
v0.21.0
v0.21.1
v0.21.2
v0.3
v0.4
v0.5
v0.6.0
v0.7.0
v0.8.0
v0.9.0

v1.*

v1.0.0
v1.1.0-alpha.0
v1.1.0-alpha.1
v1.10.0-alpha.0
v1.10.0-alpha.1
v1.10.0-alpha.2
v1.10.0-alpha.3
v1.11.0
v1.11.0-alpha.0
v1.11.0-alpha.1
v1.11.0-alpha.2
v1.11.0-beta.0
v1.11.0-beta.1
v1.11.0-beta.2
v1.11.0-rc.1
v1.11.0-rc.2
v1.11.0-rc.3
v1.11.1
v1.11.1-beta.0
v1.11.2
v1.11.2-beta.0
v1.11.3
v1.11.3-beta.0
v1.11.4
v1.11.4-beta.0
v1.11.5
v1.11.5-beta.0
v1.11.6
v1.11.6-beta.0
v1.11.7
v1.11.7-beta.0
v1.11.8-beta.0
v1.12.0-alpha.0
v1.2.0-alpha.1
v1.2.0-alpha.2
v1.2.0-alpha.3
v1.2.0-alpha.4
v1.2.0-alpha.5
v1.2.0-alpha.6
v1.2.0-alpha.7
v1.2.0-alpha.8
v1.3.0-alpha.0
v1.3.0-alpha.1
v1.3.0-alpha.2
v1.3.0-alpha.3
v1.3.0-alpha.4
v1.3.0-alpha.5
v1.4.0-alpha.0
v1.4.0-alpha.1
v1.4.0-alpha.2
v1.4.0-alpha.3
v1.5.0-alpha.0
v1.5.0-alpha.1
v1.5.0-alpha.2
v1.6.0-alpha.0
v1.6.0-alpha.1
v1.6.0-alpha.2
v1.6.0-alpha.3
v1.7.0-alpha.0
v1.7.0-alpha.1
v1.7.0-alpha.2
v1.7.0-alpha.3
v1.7.0-alpha.4
v1.8.0-alpha.0
v1.8.0-alpha.1
v1.8.0-alpha.2
v1.8.0-alpha.3
v1.9.0-alpha.0
v1.9.0-alpha.1
v1.9.0-alpha.2
v1.9.0-alpha.3