CVE-2024-0793

A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:0741
https://access.redhat.com/errata/RHSA-2024:1267
https://access.redhat.com/security/cve/CVE-2024-0793
https://bugzilla.redhat.com/show_bug.cgi?id=2214402
https://github.com/openshift/kubernetes/pull/1876

Configurations

No configuration.

History

18 Nov 2024, 17:11

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en kube-controller-manager. Este problema ocurre cuando la aplicación inicial de un archivo YAML de configuración de HPA que carece de un bloque .spec.behavior.scaleUp provoca una denegación de servicio debido a que los pods de KCM entran en un estado de reinicio.

17 Nov 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-17 11:15

Updated : 2024-11-18 17:11

NVD link : CVE-2024-0793

Mitre link : CVE-2024-0793

CVE.ORG link : CVE-2024-0793

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

7.7 /10