vulnerability

Kubernetes: CVE-2019-11252: Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack

Try Surface Command
Back to search
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jul 23, 2020
Added
Aug 7, 2020
Modified
Aug 11, 2025

Description

The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.

Solutions

kubernetes-upgrade-1_13_12kubernetes-upgrade-1_14_8kubernetes-upgrade-1_15_5kubernetes-upgrade-1_16_2

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today