CVE-2024-0793
HIGH
kubernetes < 1.27.0-alpha.1 - Denial of Service via HPA Config YAML
Title source: llm
Description
A flaw was found in kube-controller-manager (KCM). On the initial application of an HPA config YAML that lacks a .spec.behavior.scaleUp block, the KCM pods go into restart churn, causing a denial of service.
References (5)
Core References
Issue Tracking
https://github.com/openshift/kubernetes/pull/1876
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0741
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1267
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-0793
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2214402
Scores
CVSS v3
7.7
EPSS
0.0014
EPSS Percentile
33.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (3)
k8s.io/kubernetes
0 - 1.27.0-alpha.1
Go
Red Hat/Red Hat OpenShift Container Platform 4
Red Hat/Red Hat OpenShift Container Platform 4.12
0:4.12.0-202403042037.p0.g9946c63.assembly.stream.el9
Published
Nov 17, 2024
Tracked Since
Feb 18, 2026