Improper input validation in Kubernetes
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume e…
Vulnerability class: Improper input validation leading to resource exhaustion (denial of service). The API server decodes submitted YAML and JSON without bounding how much work a document can demand, so a crafted payload (for example deeply nested structures, or YAML aliases that expand recursively in the "billion laughs" pattern) drives CPU and memory consumption until the server becomes unavailable.
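The description above is about unbounded decoding work. The following Go program is an added example, not Kubernetes code and not the upstream patch: it shows the kind of guard that closes this class of bug, a streaming nesting-depth pre-check and a byte-size cap applied before a JSON payload is handed to the real decoder. The limit values, the ErrTooDeep name and the constructed payloads are assumptions chosen for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrTooDeep is returned when a document nests deeper than the configured limit.
var ErrTooDeep = errors.New("json: nesting depth exceeds limit")

// MaxNesting streams through the document's tokens and returns its deepest nesting level.
// It stops as soon as the depth passes limit, so a hostile payload is rejected after
// reading only limit+1 opening brackets rather than after a full decode.
func MaxNesting(data []byte, limit int) (int, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	depth, deepest := 0, 0
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return deepest, nil
		}
		if err != nil {
			return deepest, err
		}
		d, ok := tok.(json.Delim)
		if !ok {
			continue // scalars (strings, numbers, bools, null) do not change depth
		}
		switch d {
		case '{', '[':
			depth++
			if depth > limit {
				return depth, fmt.Errorf("%w: %d > %d", ErrTooDeep, depth, limit)
			}
			if depth > deepest {
				deepest = depth
			}
		case '}', ']':
			depth--
		}
	}
}

// SafeUnmarshal applies a byte-size cap and the depth pre-check before handing the
// payload to json.Unmarshal. Both limits are hypothetical values for this example.
func SafeUnmarshal(data []byte, maxBytes, maxDepth int, v interface{}) error {
	if len(data) > maxBytes {
		return fmt.Errorf("json: payload of %d bytes exceeds limit of %d", len(data), maxBytes)
	}
	if _, err := MaxNesting(data, maxDepth); err != nil {
		return err
	}
	return json.Unmarshal(data, v)
}

// NestedPayload builds a constructed attacker-style document: n nested empty arrays.
func NestedPayload(n int) []byte {
	return []byte(strings.Repeat("[", n) + strings.Repeat("]", n))
}

func main() {
	var out interface{}

	// Constructed hostile payload: 500 levels of nesting, rejected at level 101.
	err := SafeUnmarshal(NestedPayload(500), 1<<20, 100, &out)
	fmt.Println("500-deep payload rejected:", err)

	// Constructed ordinary object, shaped like a small Kubernetes resource, accepted.
	normal := []byte(`{"apiVersion":"v1","kind":"ConfigMap","metadata":{"name":"demo"},"data":{"k":"v"}}`)
	err = SafeUnmarshal(normal, 1<<20, 100, &out)
	fmt.Println("ordinary object accepted:", err == nil)
}
```

The pre-check reads tokens one at a time, so a payload is refused after at most limit+1 opening delimiters; memory use stays proportional to the limit rather than to the attacker's document. The same idea applies to YAML, where the parser additionally needs a bound on alias expansion, since a small document with chained anchors can expand to a huge in-memory tree without being deeply nested.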
EPSS: 0.845 (99.3rd percentile)
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Kubernetes — all releases from 1.0 through 1.12 (never fixed), 1.13 prior to 1.13.12, 1.14 prior to 1.14.8, 1.15 prior to 1.15.5, and 1.16 prior to 1.16.2
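A quick way to map a running cluster onto the ranges above is to read the server's gitVersion from `kubectl version -o json` and compare it with the first fixed patch release of its minor line. The Go program below is an added example written for this page, not tooling from the Kubernetes project; it encodes the version ranges listed above and parses a constructed sample of kubectl's JSON output. Anything after a `-` or `+` in the version string (a distribution suffix such as `-gke.2`) is ignored, which is an assumption that matters: distributions often backport fixes under an older upstream version number, so treat the result as a prompt to check the vendor advisory (the RHSA entries in the references, for example) rather than as a final verdict.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// kubectlVersion mirrors the part of `kubectl version -o json` output used here:
// the server's gitVersion string, for example "v1.15.4".
type kubectlVersion struct {
	ServerVersion struct {
		GitVersion string `json:"gitVersion"`
	} `json:"serverVersion"`
}

// parseVersion turns "v1.15.4", "1.15.4" or "v1.15.4-gke.2" into (major, minor, patch).
func parseVersion(v string) (int, int, int, error) {
	v = strings.TrimPrefix(strings.TrimSpace(v), "v")
	// Drop any build or distribution suffix such as "-gke.2" or "+k3s1" (assumption: see lead-in).
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return 0, 0, 0, fmt.Errorf("unrecognised version %q", v)
	}
	nums := make([]int, 3)
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return 0, 0, 0, fmt.Errorf("unrecognised version %q: %w", v, err)
		}
		nums[i] = n
	}
	return nums[0], nums[1], nums[2], nil
}

// fixedPatch maps each patched 1.x minor line to the first patch release containing the fix,
// taken from the affected-products list above.
var fixedPatch = map[int]int{13: 12, 14: 8, 15: 5, 16: 2}

// Affected reports whether a kube-apiserver with the given gitVersion falls inside the
// advisory's vulnerable ranges.
func Affected(gitVersion string) (bool, error) {
	major, minor, patch, err := parseVersion(gitVersion)
	if err != nil {
		return false, err
	}
	if major != 1 {
		return false, fmt.Errorf("advisory covers only 1.x releases, got %q", gitVersion)
	}
	switch {
	case minor <= 12:
		return true, nil // 1.0 through 1.12 never received a fix
	case minor >= 17:
		return false, nil // 1.17 and later shipped with the fix
	}
	return patch < fixedPatch[minor], nil
}

// AffectedFromKubectl parses `kubectl version -o json` output and checks the server version.
func AffectedFromKubectl(output []byte) (string, bool, error) {
	var kv kubectlVersion
	if err := json.Unmarshal(output, &kv); err != nil {
		return "", false, err
	}
	vuln, err := Affected(kv.ServerVersion.GitVersion)
	return kv.ServerVersion.GitVersion, vuln, err
}

func main() {
	// Constructed sample of kubectl's JSON output, trimmed to the fields used here.
	sample := []byte(`{"clientVersion":{"gitVersion":"v1.16.2"},` +
		`"serverVersion":{"major":"1","minor":"15","gitVersion":"v1.15.4"}}`)
	ver, vuln, err := AffectedFromKubectl(sample)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("server %s affected by CVE-2019-11253: %v\n", ver, vuln)
}
```

In practice run `kubectl version -o json` and pass its output to AffectedFromKubectl; the sample in main stands in for that output so the program runs offline.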
Weakness classification (CWE)
- CWE-20: Improper Input Validation
Public proof-of-concept, scanner-template and index repositories
- 20142995/nuclei-templates
- ARPSyndicate/cve-scores
- ARPSyndicate/cvemon
- Metarget/cloud-native-security-book
- Metarget/metarget
- adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground
- adavarski/HomeLab-k8s-DevSecOps-playground
- alphaSeclab/sec-daily-2019
- cloudnative-security/hacking-kubernetes
- cyb3r-w0lf/nuclei-template-collection
References
- github.com/kubernetes/kubernetes/issues/83253 (upstream issue)
- CVE-2019-11253: denial of service vulnerability from malicious YAML or JSON payloads (mailing-list announcement)
- RHSA-2019:3239 (Red Hat vendor advisory)
- security.netapp.com/advisory/ntap-20191031-0006/ (NetApp advisory)
- RHSA-2019:3811 (Red Hat vendor advisory)
- RHSA-2019:3905 (Red Hat vendor advisory)
Frequently asked questions
- What is CVE-2019-11253?
- CVE-2019-11253 is a high-severity vulnerability in Kubernetes, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2019-10-17.
- How severe is CVE-2019-11253?
- High severity. CVSS v3 base score is 7.5 out of 10.
- Is CVE-2019-11253 known to be exploited?
- Several public repositories referencing this CVE are indexed above; most are scanner templates (nuclei), vulnerable-environment builders or CVE index collections rather than standalone working exploits. Not currently listed in the CISA KEV catalog.