GHSA-h7wq-jj8r-qm7p

GitHub Security Advisory

Kubernetes Nil pointer dereference in KCM after v1 HPA patch request

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

A flaw was found in kube-controller-manager (KCM). When an HPA config YAML that lacks a .spec.behavior.scaleUp block is first applied, the KCM pods go into restart churn, resulting in a denial of service.

Affected Packages

Go k8s.io/kubernetes
Affected versions: 0 (fixed in 1.27.0-alpha.1)

Related CVEs

Key Information

GHSA ID
GHSA-h7wq-jj8r-qm7p
Published
November 17, 2024 12:30 PM
Last Modified
November 19, 2024 8:25 PM
CVSS Score
7.5 /10
Primary Ecosystem
Go
Primary Package
k8s.io/kubernetes
GitHub Reviewed
✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.