Denial of service vulnerability in Kubernetes - CVE-2019-16276 (dpkg)ID: oval:org.secpod.oval:def:59282 | Date: (C)2019-10-21 (M)2023-11-13 |
Class: VULNERABILITY | Family: unix |
The host is installed with Kubernetes version 1.14.x before 1.14.8, 1.15.x before 1.15.5 or 1.16.x before 1.16.2 and is prone to an HTTP protocol violation vulnerability. A flaw is present in the application, which fails to handle the Gos net/http Library. Successful exploitation allows attackers who are able to authenticate to the front proxy, to impersonate other users or groups in the system.
Product: |
kubeadm |
kubectl |
kubelet |