CVE-2019-11253 (retired)

Priority
Description
Improper input validation in the Kubernetes API server in versions
v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2
allows authorized users to send malicious YAML or JSON payloads, causing
the API server to consume excessive CPU or memory, potentially crashing and
becoming unavailable. Prior to v1.14.0, default RBAC policy authorized
anonymous users to submit requests that could trigger this vulnerability.
Clusters upgraded from a version prior to v1.14.0 keep the more permissive
policy by default for backwards compatibility.
Notes
leosilvakubernates is in fact a kubernetes installer
that calls snap, not the package it self.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):ignored
Ubuntu 19.10 (Eoan Ermine):ignored
More Information

Updated: 2019-10-24 00:14:49 UTC (commit 16e5c4d87c5f3788b618768306d692e77f84d251)