Vulnerability Details : CVE-2024-0793
A flaw was found in kube-controller-manager. The initial application of an HPA config YAML that lacks a .spec.behavior.scaleUp block causes a denial of service, because the KCM pods go into restart churn.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2024-0793
- 0.14%: probability of exploitation activity in the next 30 days
- ~36%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-0793
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H | 3.1 | 4.0 | Red Hat, Inc. | 2024-11-17 |
CWE ids for CVE-2024-0793
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: secalert@redhat.com (Primary)
References for CVE-2024-0793
- https://bugzilla.redhat.com/show_bug.cgi?id=2214402
  2214402 – (CVE-2024-0793) CVE-2024-0793 kube-controller-manager: malformed HPA v1 manifest causes crash
- https://github.com/openshift/kubernetes/pull/1876
  OCPBUGS-12210: Prevent partially filled HPA behaviors from crashing kube-controller-manager by jkyros · Pull Request #1876 · openshift/kubernetes · GitHub
- https://access.redhat.com/errata/RHSA-2024:1267
  RHSA-2024:1267 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2024:0741
  RHSA-2024:0741 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/security/cve/CVE-2024-0793
  CVE-2024-0793 - Red Hat Customer Portal