CVE-2024-12401

Cert-manager: potential dos when parsing specially crafted pem inputs

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.

Se encontró una falla en el paquete cert-manager. Esta falla permite que un atacante que pueda modificar los datos PEM que lee el cert-manager, por ejemplo, en un recurso secreto, utilice grandes cantidades de CPU en el módulo controlador del cert-manager para crear efectivamente un vector de denegación de servicio (DoS) para el cert-manager en el clúster.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

Multiple

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-12-10 CVE Reserved
2024-12-12 CVE Published
2025-03-15 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (8)

URL	Tag	Source
https://access.redhat.com/security/cve/CVE-2024-12401	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=2327929	Issue Tracking
https://github.com/cert-manager/cert-manager/pull/7400
https://github.com/cert-manager/cert-manager/pull/7401
https://github.com/cert-manager/cert-manager/pull/7402
https://github.com/cert-manager/cert-manager/pull/7403
https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4
https://go.dev/issue/50116

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Cert-manager Operator For Red Hat Openshift Search vendor "Redhat" for product "Cert-manager Operator For Red Hat Openshift"				*		-		Affected
Redhat Search vendor "Redhat"		Cert Manager Search vendor "Redhat" for product "Cert Manager"				*		-		Affected
Redhat Search vendor "Redhat"		Cryostat Search vendor "Redhat" for product "Cryostat"				*		-		Affected
Redhat Search vendor "Redhat"		Hybrid Cloud Gateway Search vendor "Redhat" for product "Hybrid Cloud Gateway"				*		-		Affected
Redhat Search vendor "Redhat"		Multicluster Engine Search vendor "Redhat" for product "Multicluster Engine"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Search vendor "Redhat" for product "Openshift"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Data Foundation Search vendor "Redhat" for product "Openshift Data Foundation"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Gitops Search vendor "Redhat" for product "Openshift Gitops"				*		-		Affected
Redhat Search vendor "Redhat"		Serverless Search vendor "Redhat" for product "Serverless"				*		-		Affected
Redhat Search vendor "Redhat"		Openshift Search vendor "Redhat" for product "Openshift"				*		-		Affected