Kubernetes kube-controller-manager vulnerability discovered
CVE-2024-0793
7.7HIGH
Key Information
- Vendor
- kubernetes
- Vendor
- CVE Published:
- 17 November 2024
Summary
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
CVSS V3.1
Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published.
Collectors
NVD Database