CVE-2019-11253
HIGH NUCLEIKubernetes v1.0-1.12 and < v1.13.12, v1.14.8, v1.15.5, v1.16.2 - Denial of Service via Malicious YAML/JSON Payloads
Title source: llmExploitation Summary
CVE-2019-11253 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.
Nuclei Templates (1)
Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
HIGHby ritikchaddha
Shodan:
http.favicon.hash:-847792508
FOFA:
icon_hash="-847792508"
References (6)
Core 6
Core References
Exploit, Issue Tracking, Mitigation, Third Party Advisory x_refsource_confirm
https://github.com/kubernetes/kubernetes/issues/83253
Mailing List mailing-list
x_refsource_mlist
https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3239
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20191031-0006/
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3811
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3905
Scores
CVSS v3
7.5
EPSS
0.2594
EPSS Percentile
97.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-776
CWE-20
Status
published
Products (5)
k8s.io/kubernetes
1.0.0 - 1.13.12Go
kubernetes/kubernetes
1.1.0 - 1.12.10
redhat/openshift_container_platform
3.9
redhat/openshift_container_platform
3.10
redhat/openshift_container_platform
3.11
Published
Oct 17, 2019
Tracked Since
Feb 18, 2026