Closed
Description
Advisory CVE-2024-0793 references a vulnerability in the following Go modules:
| Module |
|---|
| github.com/openshift/kubernetes |
Description:
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
References:
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-0793
- FIX: OCPBUGS-12210: Prevent partially filled HPA behaviors from crashing kube-controller-manager openshift/kubernetes#1876
- WEB: https://access.redhat.com/errata/RHSA-2024:0741
- WEB: https://access.redhat.com/errata/RHSA-2024:1267
- WEB: https://access.redhat.com/security/cve/CVE-2024-0793
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=2214402
Cross references:
- github.com/openshift/kubernetes appears in 1 other report(s):
- data/excluded/GO-2023-2171.yaml (x/vulndb: potential Go vuln in github.com/openshift/kubernetes: CVE-2023-5408 #2171) EFFECTIVELY_PRIVATE
See doc/quickstart.md for instructions on how to triage this report.
id: GO-ID-PENDING
modules:
- module: github.com/openshift/kubernetes
vulnerable_at: 1.30.0
summary: CVE-2024-0793 in github.com/openshift/kubernetes
cves:
- CVE-2024-0793
references:
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-0793
- fix: https://github.com/openshift/kubernetes/pull/1876
- web: https://access.redhat.com/errata/RHSA-2024:0741
- web: https://access.redhat.com/errata/RHSA-2024:1267
- web: https://access.redhat.com/security/cve/CVE-2024-0793
- web: https://bugzilla.redhat.com/show_bug.cgi?id=2214402
source:
id: CVE-2024-0793
created: 2024-11-17T12:01:19.850227951Z
review_status: UNREVIEWED