CVE-2019-11253 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-11253 Interim 1 37 2026-03-05T06:18:38Z current 2021-05-30T14:27:33Z 2026-03-05T06:18:38Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-11253 Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/kb/doc/?id=000020448 E-Mail link for TID000020448 https://www.suse.com/support/kb/doc/?id=000020476 E-Mail link for TID000020476 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 openSUSE Tumbleweed govulncheck-vulndb-0.0.20250807T150727-1.1 govulncheck-vulndb-0.0.20250814T182633-160000.1.2 kubernetes kubernetes-apiserver-1.22.2-21.2 kubernetes-apiserver-minus1-1.21.5-21.2 kubernetes-client kubernetes-client-1.22.2-21.2 kubernetes-controller-manager-1.22.2-21.2 kubernetes-controller-manager-minus1-1.21.5-21.2 kubernetes-coredns-1.8.4-21.2 kubernetes-coredns-minus1-1.8.0-21.2 kubernetes-etcd-3.5.0-21.2 kubernetes-etcd-minus1-3.4.13-21.2 kubernetes-kubeadm-1.22.2-21.2 kubernetes-kubelet-1.22.2-21.2 kubernetes-proxy-1.22.2-21.2 kubernetes-proxy-minus1-1.21.5-21.2 kubernetes-scheduler-1.22.2-21.2 kubernetes-scheduler-minus1-1.21.5-21.2 govulncheck-vulndb-0.0.20250814T182633-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 govulncheck-vulndb-0.0.20250807T150727-1.1 as a component of openSUSE Tumbleweed kubernetes-apiserver-1.22.2-21.2 as a component of openSUSE Tumbleweed kubernetes-apiserver-minus1-1.21.5-21.2 as a component of openSUSE Tumbleweed kubernetes-client-1.22.2-21.2 as a component of openSUSE Tumbleweed kubernetes-controller-manager-1.22.2-21.2 as a component of openSUSE Tumbleweed kubernetes-controller-manager-minus1-1.21.5-21.2 as a component of openSUSE Tumbleweed kubernetes-coredns-1.8.4-21.2 as a component of openSUSE Tumbleweed kubernetes-coredns-minus1-1.8.0-21.2 as a component of openSUSE Tumbleweed kubernetes-etcd-3.5.0-21.2 as a component of openSUSE Tumbleweed kubernetes-etcd-minus1-3.4.13-21.2 as a component of openSUSE Tumbleweed kubernetes-kubeadm-1.22.2-21.2 as a component of openSUSE Tumbleweed kubernetes-kubelet-1.22.2-21.2 as a component of openSUSE Tumbleweed kubernetes-proxy-1.22.2-21.2 as a component of openSUSE Tumbleweed kubernetes-proxy-minus1-1.21.5-21.2 as a component of openSUSE Tumbleweed kubernetes-scheduler-1.22.2-21.2 as a component of openSUSE Tumbleweed kubernetes-scheduler-minus1-1.21.5-21.2 as a component of openSUSE Tumbleweed kubernetes-client as a component of SUSE Linux Enterprise Module for Public Cloud 12 kubernetes as a component of SUSE Linux Enterprise Module for Public Cloud 12 Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. CVE-2019-11253 SUSE Linux Enterprise Server 16.0:govulncheck-vulndb-0.0.20250814T182633-160000.1.2 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250807T150727-1.1 openSUSE Tumbleweed:kubernetes-apiserver-1.22.2-21.2 openSUSE Tumbleweed:kubernetes-apiserver-minus1-1.21.5-21.2 openSUSE Tumbleweed:kubernetes-client-1.22.2-21.2 openSUSE Tumbleweed:kubernetes-controller-manager-1.22.2-21.2 openSUSE Tumbleweed:kubernetes-controller-manager-minus1-1.21.5-21.2 openSUSE Tumbleweed:kubernetes-coredns-1.8.4-21.2 openSUSE Tumbleweed:kubernetes-coredns-minus1-1.8.0-21.2 openSUSE Tumbleweed:kubernetes-etcd-3.5.0-21.2 openSUSE Tumbleweed:kubernetes-etcd-minus1-3.4.13-21.2 openSUSE Tumbleweed:kubernetes-kubeadm-1.22.2-21.2 openSUSE Tumbleweed:kubernetes-kubelet-1.22.2-21.2 openSUSE Tumbleweed:kubernetes-proxy-1.22.2-21.2 openSUSE Tumbleweed:kubernetes-proxy-minus1-1.21.5-21.2 openSUSE Tumbleweed:kubernetes-scheduler-1.22.2-21.2 openSUSE Tumbleweed:kubernetes-scheduler-minus1-1.21.5-21.2 SUSE Linux Enterprise Module for Public Cloud 12:kubernetes SUSE Linux Enterprise Module for Public Cloud 12:kubernetes-client moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H