CVE-2024-0793
Published 2024-11-17
Priority: P337 · Severity: high · CVSS 3.1: 7.7
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS: 0.60% (44.2th percentile)
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| k8s.io | kubernetes | >= 0 < 1.27.0-alpha.1 | 1.27.0-alpha.1 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (v3.1) | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
| vendor_redhat | 7.7 | HIGH | |
Red Hat
kube-controller-manager: malformed HPA v1 manifest causes crash
vendor_redhat · 2024-02-07 · CVSS 7.7 · HIGH · CWE-20
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: microshift (Red Hat OpenShift Conta
OSV
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes
osv · 2024-11-19
GHSA
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
ghsa · 2024-11-17 · HIGH · CWE-20
OSV
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
osv · 2024-11-17 · HIGH
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2023-6481 logback: A serialization vulnerability in logback receiver
bugzilla · 2023-12-05 · CVSS 7.5 · HIGH
A serialization vulnerability in the logback receiver component of logback versions 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a denial-of-service attack by sending poisoned data.
https://logback.qos.ch/news.html#1.3.12
https://logback.qos.ch/news.html#1.3.14
Discussion:
Created picocli tracking bugs for this issue:
Affects: fedora-all [bug 2252957]
---
This issue has been addressed in the following products:
RHINT Camel-Springboot 4.0.3
Via RHSA-2024:0793 https://access.redhat.com/errata/RHSA-2024:0793
---
This issue has been addressed in the following products:
RHOSS-1.31-RHEL-8
Via RHSA-2024:0843 https://access.redhat.com/errata/RHSA-2024:0843
---
This issue has been addressed in the follo
Bugzilla
CVE-2023-6378 logback: serialization vulnerability in logback receiver
bugzilla · 2023-11-30 · CVSS 7.5 · HIGH
A serialization vulnerability in the logback receiver component of logback version 1.4.11 allows an attacker to mount a denial-of-service attack by sending poisoned data.
https://logback.qos.ch/news.html#1.3.12
Discussion:
Created picocli tracking bugs for this issue:
Affects: fedora-all [bug 2252951]
---
This issue has been addressed in the following products:
RHINT Camel-Springboot 4.0.3
Via RHSA-2024:0793 https://access.redhat.com/errata/RHSA-2024:0793
---
This issue has been addressed in the following products:
Red Hat JBoss AMQ
Via RHSA-2024:2945 https://access.redhat.com/errata/RHSA-2024:2945
---
This issue has been addressed in the following products:
Red Hat Fuse 7.13.0
Via RHSA-2024:3354 https