Vulnerability DatabaseCVE-2024-12401
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-12401
December 12, 2024
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
Related ResourcesĀ (14)
https://access.redhat.com/security/cve/CVE-2024-12401
https://github.com/golang/go/issues/50116
https://pkg.go.dev/vuln/GO-2024-3282
https://github.com/cert-manager/cert-manager/commit/f22f78c8c0a64d718e203b326bc844c488ad7850
https://github.com/cert-manager/cert-manager/pull/7403
https://nvd.nist.gov/vuln/detail/CVE-2024-12401
https://bugzilla.redhat.com/show_bug.cgi?id=2327929
https://github.com/cert-manager/cert-manager/pull/7400
https://github.com/cert-manager/cert-manager/commit/3a4c9eb55e2e43570679840bbe3217869fbc8efc
https://github.com/cert-manager/cert-manager/pull/7401
https://github.com/cert-manager/cert-manager
https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4
https://github.com/cert-manager/cert-manager/pull/7402
https://go.dev/issue/50116
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Improper Input Validation
CWE-20
EPSS
Base Score:
0.09