{
  "threat_severity" : "Important",
  "public_date" : "2024-02-07T00:00:00Z",
  "bugzilla" : {
    "description" : "kube-controller-manager: malformed HPA v1 manifest causes crash",
    "id" : "2214402",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2214402"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "A flaw was found in kube-controller-manager. Applying a HorizontalPodAutoscaler (HPA) manifest that omits the .spec.behavior.scaleUp block causes the kube-controller-manager (KCM) pods to crash when the manifest is first applied and to enter a restart loop, resulting in a denial of service of the controller manager. Creating an HPA object requires only low privileges (CVSS PR:L), so any user permitted to create HPAs in the cluster can trigger this condition.", "A flaw was found in kube-controller-manager. Applying a HorizontalPodAutoscaler (HPA) manifest that omits the .spec.behavior.scaleUp block causes the kube-controller-manager (KCM) pods to crash when the manifest is first applied and to enter a restart loop, resulting in a denial of service of the controller manager. Creating an HPA object requires only low privileges (CVSS PR:L), so any user permitted to create HPAs in the cluster can trigger this condition." ],
  "acknowledgement" : "Red Hat would like to thank Mikel Duke (USAA) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4.12",
    "release_date" : "2024-03-20T00:00:00Z",
    "advisory" : "RHSA-2024:1267",
    "cpe" : "cpe:/a:redhat:openshift:4.12::el8",
    "package" : "openshift-0:4.12.0-202403042037.p0.g9946c63.assembly.stream.el8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.13",
    "release_date" : "2024-02-14T00:00:00Z",
    "advisory" : "RHSA-2024:0741",
    "cpe" : "cpe:/a:redhat:openshift:4.13::el8",
    "package" : "openshift4/ose-cluster-kube-controller-manager-operator:v4.13.0-202402011837.p0.gdac7113.assembly.stream"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Will not fix",
    "package_name" : "microshift",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift GitOps",
    "fix_state" : "Not affected",
    "package_name" : "openshift-gitops-1/argo-rollouts-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-0793\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0793\nhttps://github.com/openshift/kubernetes/pull/1876" ],
  "name" : "CVE-2024-0793",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}