Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2019-1002100: Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service

by: April 1, 2019

CVE-2019-1002100: Kubernetes API Server Patch Request Consumes Excess Resource Cause Denial of Service

Severity

Medium

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • Cloud Foundry Container Runtime (CFCR)
    • All versions prior to 0.31.0

Description

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type “json-patch” (e.g. `kubectl patch –type json` or `”Content-Type: application/json-patch+json”`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • Releases that have fixed this issue include:
    • CFCR version 0.31.0

History

2019-04-01: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

CVE-2016-4450 Nginx Vulnerabilities
Security Advisory

CVE-2016-4450 Nginx Vulnerabilities

by Cloud Foundry Foundation Security Team July 13, 2016
USN-4012-1: elfutils vulnerabilities
Security Advisory

USN-4012-1: elfutils vulnerabilities

by Cloud Foundry Foundation Security Team June 18, 2019
USN-5319-1: Linux kernel vulnerabilities
Security Advisory

USN-5319-1: Linux kernel vulnerabilities

by Cloud Foundry Foundation Security Team April 21, 2022
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept