CVE-2024-12401

State: PUBLISHED · Published: 2024-12-12 · Updated: 2026-03-27 · Assigner: redhat

Description

A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.

CWE

CWE-20 — Improper Input Validation

Affected

/ — v=0 ≤1.12.14 [affected]; v=1.13.0-alpha.0 ≤1.15.4 [affected]; v=1.16.0-alpha.0 ≤1.16.2 [affected]
Red Hat / cert-manager Operator for Red Hat OpenShift —
Red Hat / cert-manager Operator for Red Hat OpenShift —
Red Hat / cert-manager Operator for Red Hat OpenShift —
Red Hat / cert-manager Operator for Red Hat OpenShift —
Red Hat / Cryostat 3 —
Red Hat / Multicluster Engine for Kubernetes —
Red Hat / Multicluster Engine for Kubernetes —
Red Hat / OpenShift Serverless —
Red Hat / OpenShift Serverless —
Red Hat / OpenShift Serverless —
Red Hat / OpenShift Serverless —
Red Hat / OpenShift Serverless —
Red Hat / OpenShift Serverless —
Red Hat / OpenShift Serverless —
Red Hat / Red Hat Connectivity Link 1 —
Red Hat / Red Hat Connectivity Link 1 —
Red Hat / Red Hat OpenShift Container Platform 4 —
Red Hat / Red Hat OpenShift Container Platform 4 —
Red Hat / Red Hat Openshift Data Foundation 4 —
Red Hat / Red Hat OpenShift GitOps —

CVSS

3.1 score=4.4 severity=MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References

Source

cvelistV5-main/cves/2024/12xxx/CVE-2024-12401.json