CVE-2024-12401 - Vulnerability Details

Vendors	Products
Redhat	Cert Manager Cryostat Hybrid Cloud Gateway Multicluster Engine Openshift Openshift Data Foundation Openshift Gitops Serverless

Link	Providers
https://access.redhat.com/security/cve/CVE-2024-12401
https://bugzilla.redhat.com/show_bug.cgi?id=2327929
https://github.com/cert-manager/cert-manager/pull/7400
https://github.com/cert-manager/cert-manager/pull/7401
https://github.com/cert-manager/cert-manager/pull/7402
https://github.com/cert-manager/cert-manager/pull/7403
https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4
https://go.dev/issue/50116
https://nvd.nist.gov/vuln/detail/CVE-2024-12401
https://www.cve.org/CVERecord?id=CVE-2024-12401

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-12401 https://www.cve.org/CVERecord?id=CVE-2024-12401
Metrics	threat_severity `None`	threat_severity `Low`

Type	Values Removed	Values Added
Description		A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.
Title		Cert-manager: potential dos when parsing specially crafted pem inputs
First Time appeared		Redhat Redhat cert Manager Redhat cryostat Redhat hybrid Cloud Gateway Redhat multicluster Engine Redhat openshift Redhat openshift Data Foundation Redhat openshift Gitops Redhat serverless
Weaknesses		CWE-20
CPEs		cpe:/a:redhat:cert_manager:1 cpe:/a:redhat:cryostat:3 cpe:/a:redhat:hybrid_cloud_gateway:1::el9 cpe:/a:redhat:multicluster_engine cpe:/a:redhat:openshift:4 cpe:/a:redhat:openshift_data_foundation:4 cpe:/a:redhat:openshift_gitops:1 cpe:/a:redhat:serverless:1
Vendors & Products		Redhat Redhat cert Manager Redhat cryostat Redhat hybrid Cloud Gateway Redhat multicluster Engine Redhat openshift Redhat openshift Data Foundation Redhat openshift Gitops Redhat serverless
References		https://access.redhat.com/security/cve/CVE-2024-12401 https://bugzilla.redhat.com/show_bug.cgi?id=2327929 https://github.com/cert-manager/cert-manager/pull/7400 https://github.com/cert-manager/cert-manager/pull/7401 https://github.com/cert-manager/cert-manager/pull/7402 https://github.com/cert-manager/cert-manager/pull/7403 https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4 https://go.dev/issue/50116
Metrics		cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12401", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-12-10T13:30:10.806Z", "datePublished": "2024-12-12T09:06:03.612Z", "dateUpdated": "2025-03-15T05:58:20.676Z"}, "containers": {"cna": {"title": "Cert-manager: potential dos when parsing specially crafted pem inputs", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster."}], "affected": [{"versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.12.14"}, {"status": "affected", "version": "1.13.0-alpha.0", "versionType": "semver", "lessThanOrEqual": "1.15.4"}, {"status": "affected", "version": "1.16.0-alpha.0", "versionType": "semver", "lessThanOrEqual": "1.16.2"}], "packageName": "cert-manager", "collectionURL": "https://github.com/cert-manager/cert-manager", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "cert-manager Operator for Red Hat OpenShift", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cert-manager/cert-manager-operator-bundle", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:cert_manager:1"]}, {"vendor": "Red Hat", "product": "cert-manager Operator for Red Hat OpenShift", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cert-manager/cert-manager-operator-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:cert_manager:1"]}, {"vendor": "Red Hat", "product": "cert-manager Operator for Red Hat OpenShift", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cert-manager/jetstack-cert-manager-acmesolver-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:cert_manager:1"]}, {"vendor": "Red Hat", "product": "cert-manager Operator for Red Hat OpenShift", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cert-manager/jetstack-cert-manager-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:cert_manager:1"]}, {"vendor": "Red Hat", "product": "Cryostat 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "cryostat-tech-preview/cryostat-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:cryostat:3"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-service-8-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "multicluster-engine/assisted-service-9-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:multicluster_engine"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-serverless-1/serving-activator-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-serverless-1/serving-autoscaler-hpa-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-serverless-1/serving-autoscaler-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-serverless-1/serving-controller-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-serverless-1/serving-queue-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-serverless-1/serving-storage-version-migration-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "OpenShift Serverless", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-serverless-1/serving-webhook-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:serverless:1"]}, {"vendor": "Red Hat", "product": "Red Hat Connectivity Link", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcl-operator-bundle-container", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:hybrid_cloud_gateway:1::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Connectivity Link", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcl-operator-container", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:hybrid_cloud_gateway:1::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-agent-installer-api-server-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-contour-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "odf4/rook-ceph-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_data_foundation:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift GitOps", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-gitops-1/gitops-rhel8-operator", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift_gitops:1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-12401", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327929", "name": "RHBZ#2327929", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/cert-manager/cert-manager/pull/7400"}, {"url": "https://github.com/cert-manager/cert-manager/pull/7401"}, {"url": "https://github.com/cert-manager/cert-manager/pull/7402"}, {"url": "https://github.com/cert-manager/cert-manager/pull/7403"}, {"url": "https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4"}, {"url": "https://go.dev/issue/50116"}], "datePublic": "2024-11-21T19:52:52.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "Improper Input Validation", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-20: Improper Input Validation", "timeline": [{"lang": "en", "time": "2024-11-21T23:00:43.367021+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-21T19:52:52+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-15T05:58:20.676Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-12T15:21:20.829376Z", "id": "CVE-2024-12401", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T15:44:58.794Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-12401 (string)

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

state : PUBLISHED (string)

assignerShortName : redhat (string)

dateReserved : 2024-12-10T13:30:10.806Z (string)

datePublished : 2024-12-12T09:06:03.612Z (string)

dateUpdated : 2025-03-15T05:58:20.676Z (string)

}

containers : { »

cna : { »

title : Cert-manager: potential dos when parsing specially crafted pem inputs (string)

metrics : [ »

0 : { »

other : { »

content : { »

value : Low (string)

namespace : https://access.redhat.com/security/updates/classification/ (string)

}

type : Red Hat severity rating (string)

}

1 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 4.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

format : CVSS (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster. (string)

}

]

affected : [ »

0 : { »

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : semver (string)

lessThanOrEqual : 1.12.14 (string)

}

1 : { »

status : affected (string)

version : 1.13.0-alpha.0 (string)

versionType : semver (string)

lessThanOrEqual : 1.15.4 (string)

}

2 : { »

status : affected (string)

version : 1.16.0-alpha.0 (string)

versionType : semver (string)

lessThanOrEqual : 1.16.2 (string)

}

]

packageName : cert-manager (string)

collectionURL : https://github.com/cert-manager/cert-manager (string)

defaultStatus : unaffected (string)

}

1 : { »

vendor : Red Hat (string)

product : cert-manager Operator for Red Hat OpenShift (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : cert-manager/cert-manager-operator-bundle (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:cert_manager:1 (string)

]

}

2 : { »

vendor : Red Hat (string)

product : cert-manager Operator for Red Hat OpenShift (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : cert-manager/cert-manager-operator-rhel9 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:cert_manager:1 (string)

]

}

3 : { »

vendor : Red Hat (string)

product : cert-manager Operator for Red Hat OpenShift (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : cert-manager/jetstack-cert-manager-acmesolver-rhel9 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:cert_manager:1 (string)

]

}

4 : { »

vendor : Red Hat (string)

product : cert-manager Operator for Red Hat OpenShift (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : cert-manager/jetstack-cert-manager-rhel9 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:cert_manager:1 (string)

]

}

5 : { »

vendor : Red Hat (string)

product : Cryostat 3 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : cryostat-tech-preview/cryostat-rhel8-operator (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:cryostat:3 (string)

]

}

6 : { »

vendor : Red Hat (string)

product : Multicluster Engine for Kubernetes (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : multicluster-engine/assisted-service-8-rhel8 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:multicluster_engine (string)

]

}

7 : { »

vendor : Red Hat (string)

product : Multicluster Engine for Kubernetes (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : multicluster-engine/assisted-service-9-rhel9 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:multicluster_engine (string)

]

}

8 : { »

vendor : Red Hat (string)

product : OpenShift Serverless (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : openshift-serverless-1/serving-activator-rhel8 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

}

9 : { »

vendor : Red Hat (string)

product : OpenShift Serverless (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : openshift-serverless-1/serving-autoscaler-hpa-rhel8 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

}

10 : { »

vendor : Red Hat (string)

product : OpenShift Serverless (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : openshift-serverless-1/serving-autoscaler-rhel8 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

}

11 : { »

vendor : Red Hat (string)

product : OpenShift Serverless (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : openshift-serverless-1/serving-controller-rhel8 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

}

12 : { »

vendor : Red Hat (string)

product : OpenShift Serverless (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : openshift-serverless-1/serving-queue-rhel8 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

}

13 : { »

vendor : Red Hat (string)

product : OpenShift Serverless (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : openshift-serverless-1/serving-storage-version-migration-rhel8 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

}

14 : { »

vendor : Red Hat (string)

product : OpenShift Serverless (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : openshift-serverless-1/serving-webhook-rhel8 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

}

15 : { »

vendor : Red Hat (string)

product : Red Hat Connectivity Link (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : rhcl-operator-bundle-container (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:hybrid_cloud_gateway:1::el9 (string)

]

}

16 : { »

vendor : Red Hat (string)

product : Red Hat Connectivity Link (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

packageName : rhcl-operator-container (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:hybrid_cloud_gateway:1::el9 (string)

]

}

17 : { »

vendor : Red Hat (string)

product : Red Hat OpenShift Container Platform 4 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : openshift4/ose-agent-installer-api-server-rhel8 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:openshift:4 (string)

]

}

18 : { »

vendor : Red Hat (string)

product : Red Hat OpenShift Container Platform 4 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : openshift4/ose-contour-rhel8 (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:openshift:4 (string)

]

}

19 : { »

vendor : Red Hat (string)

product : Red Hat Openshift Data Foundation 4 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : odf4/rook-ceph-rhel8-operator (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:openshift_data_foundation:4 (string)

]

}

20 : { »

vendor : Red Hat (string)

product : Red Hat OpenShift GitOps (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

packageName : openshift-gitops-1/gitops-rhel8-operator (string)

defaultStatus : affected (string)

cpes : [ »

0 : cpe:/a:redhat:openshift_gitops:1 (string)

]

}

]

references : [ »

0 : { »

url : https://access.redhat.com/security/cve/CVE-2024-12401 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_REDHAT (string)

]

}

1 : { »

url : https://bugzilla.redhat.com/show_bug.cgi?id=2327929 (string)

name : RHBZ#2327929 (string)

tags : [ »

0 : issue-tracking (string)

1 : x_refsource_REDHAT (string)

]

}

2 : { »

url : https://github.com/cert-manager/cert-manager/pull/7400 (string)

}

3 : { »

url : https://github.com/cert-manager/cert-manager/pull/7401 (string)

}

4 : { »

url : https://github.com/cert-manager/cert-manager/pull/7402 (string)

}

5 : { »

url : https://github.com/cert-manager/cert-manager/pull/7403 (string)

}

6 : { »

url : https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4 (string)

}

7 : { »

url : https://go.dev/issue/50116 (string)

}

]

datePublic : 2024-11-21T19:52:52.000Z (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-20 (string)

description : Improper Input Validation (string)

lang : en (string)

type : CWE (string)

}

]

}

]

x_redhatCweChain : CWE-20: Improper Input Validation (string)

timeline : [ »

0 : { »

lang : en (string)

time : 2024-11-21T23:00:43.367021+00:00 (string)

value : Reported to Red Hat. (string)

}

1 : { »

lang : en (string)

time : 2024-11-21T19:52:52+00:00 (string)

value : Made public. (string)

}

]

providerMetadata : { »

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

dateUpdated : 2025-03-15T05:58:20.676Z (string)

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-12-12T15:21:20.829376Z (string)

id : CVE-2024-12401 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-12-12T15:44:58.794Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12401", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-12T15:21:20.829376Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T15:21:22.005Z"}}], "cna": {"title": "Cert-manager: potential dos when parsing specially crafted pem inputs", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.12.14"}, {"status": "affected", "version": "1.13.0-alpha.0", "versionType": "semver", "lessThanOrEqual": "1.15.4"}, {"status": "affected", "version": "1.16.0-alpha.0", "versionType": "semver", "lessThanOrEqual": "1.16.2"}], "packageName": "cert-manager", "collectionURL": "https://github.com/cert-manager/cert-manager", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:cert_manager:1"], "vendor": "Red Hat", "product": "cert-manager Operator for Red Hat OpenShift", "packageName": "cert-manager/cert-manager-operator-bundle", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cert_manager:1"], "vendor": "Red Hat", "product": "cert-manager Operator for Red Hat OpenShift", "packageName": "cert-manager/cert-manager-operator-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cert_manager:1"], "vendor": "Red Hat", "product": "cert-manager Operator for Red Hat OpenShift", "packageName": "cert-manager/jetstack-cert-manager-acmesolver-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cert_manager:1"], "vendor": "Red Hat", "product": "cert-manager Operator for Red Hat OpenShift", "packageName": "cert-manager/jetstack-cert-manager-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:cryostat:3"], "vendor": "Red Hat", "product": "Cryostat 3", "packageName": "cryostat-tech-preview/cryostat-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:multicluster_engine"], "vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "packageName": "multicluster-engine/assisted-service-8-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:multicluster_engine"], "vendor": "Red Hat", "product": "Multicluster Engine for Kubernetes", "packageName": "multicluster-engine/assisted-service-9-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "openshift-serverless-1/serving-activator-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "openshift-serverless-1/serving-autoscaler-hpa-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "openshift-serverless-1/serving-autoscaler-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "openshift-serverless-1/serving-controller-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "openshift-serverless-1/serving-queue-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "openshift-serverless-1/serving-storage-version-migration-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "vendor": "Red Hat", "product": "OpenShift Serverless", "packageName": "openshift-serverless-1/serving-webhook-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:hybrid_cloud_gateway:1::el9"], "vendor": "Red Hat", "product": "Red Hat Connectivity Link", "packageName": "rhcl-operator-bundle-container", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:hybrid_cloud_gateway:1::el9"], "vendor": "Red Hat", "product": "Red Hat Connectivity Link", "packageName": "rhcl-operator-container", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-agent-installer-api-server-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "openshift4/ose-contour-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4"], "vendor": "Red Hat", "product": "Red Hat Openshift Data Foundation 4", "packageName": "odf4/rook-ceph-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_gitops:1"], "vendor": "Red Hat", "product": "Red Hat OpenShift GitOps", "packageName": "openshift-gitops-1/gitops-rhel8-operator", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-11-21T23:00:43.367021+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-11-21T19:52:52+00:00", "value": "Made public."}], "datePublic": "2024-11-21T19:52:52.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-12401", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327929", "name": "RHBZ#2327929", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/cert-manager/cert-manager/pull/7400"}, {"url": "https://github.com/cert-manager/cert-manager/pull/7401"}, {"url": "https://github.com/cert-manager/cert-manager/pull/7402"}, {"url": "https://github.com/cert-manager/cert-manager/pull/7403"}, {"url": "https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4"}, {"url": "https://go.dev/issue/50116"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper Input Validation"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-15T05:58:20.676Z"}, "x_redhatCweChain": "CWE-20: Improper Input Validation"}}, "cveMetadata": {"cveId": "CVE-2024-12401", "state": "PUBLISHED", "dateUpdated": "2025-03-15T05:58:20.676Z", "dateReserved": "2024-12-10T13:30:10.806Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-12-12T09:06:03.612Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-12401 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-12-12T15:21:20.829376Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-12-12T15:21:22.005Z (string)

}

]

cna : { »

title : Cert-manager: potential dos when parsing specially crafted pem inputs (string)

metrics : [ »

0 : { »

other : { »

type : Red Hat severity rating (string)

content : { »

value : Low (string)

namespace : https://access.redhat.com/security/updates/classification/ (string)

}

1 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 4.4 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : HIGH (string)

availabilityImpact : HIGH (string)

privilegesRequired : HIGH (string)

confidentialityImpact : NONE (string)

}

]

affected : [ »

0 : { »

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

versionType : semver (string)

lessThanOrEqual : 1.12.14 (string)

}

1 : { »

status : affected (string)

version : 1.13.0-alpha.0 (string)

versionType : semver (string)

lessThanOrEqual : 1.15.4 (string)

}

2 : { »

status : affected (string)

version : 1.16.0-alpha.0 (string)

versionType : semver (string)

lessThanOrEqual : 1.16.2 (string)

}

]

packageName : cert-manager (string)

collectionURL : https://github.com/cert-manager/cert-manager (string)

defaultStatus : unaffected (string)

}

1 : { »

cpes : [ »

0 : cpe:/a:redhat:cert_manager:1 (string)

]

vendor : Red Hat (string)

product : cert-manager Operator for Red Hat OpenShift (string)

packageName : cert-manager/cert-manager-operator-bundle (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

2 : { »

cpes : [ »

0 : cpe:/a:redhat:cert_manager:1 (string)

]

vendor : Red Hat (string)

product : cert-manager Operator for Red Hat OpenShift (string)

packageName : cert-manager/cert-manager-operator-rhel9 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

3 : { »

cpes : [ »

0 : cpe:/a:redhat:cert_manager:1 (string)

]

vendor : Red Hat (string)

product : cert-manager Operator for Red Hat OpenShift (string)

packageName : cert-manager/jetstack-cert-manager-acmesolver-rhel9 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

4 : { »

cpes : [ »

0 : cpe:/a:redhat:cert_manager:1 (string)

]

vendor : Red Hat (string)

product : cert-manager Operator for Red Hat OpenShift (string)

packageName : cert-manager/jetstack-cert-manager-rhel9 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

5 : { »

cpes : [ »

0 : cpe:/a:redhat:cryostat:3 (string)

]

vendor : Red Hat (string)

product : Cryostat 3 (string)

packageName : cryostat-tech-preview/cryostat-rhel8-operator (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

6 : { »

cpes : [ »

0 : cpe:/a:redhat:multicluster_engine (string)

]

vendor : Red Hat (string)

product : Multicluster Engine for Kubernetes (string)

packageName : multicluster-engine/assisted-service-8-rhel8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

7 : { »

cpes : [ »

0 : cpe:/a:redhat:multicluster_engine (string)

]

vendor : Red Hat (string)

product : Multicluster Engine for Kubernetes (string)

packageName : multicluster-engine/assisted-service-9-rhel9 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

8 : { »

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

vendor : Red Hat (string)

product : OpenShift Serverless (string)

packageName : openshift-serverless-1/serving-activator-rhel8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

9 : { »

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

vendor : Red Hat (string)

product : OpenShift Serverless (string)

packageName : openshift-serverless-1/serving-autoscaler-hpa-rhel8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

10 : { »

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

vendor : Red Hat (string)

product : OpenShift Serverless (string)

packageName : openshift-serverless-1/serving-autoscaler-rhel8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

11 : { »

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

vendor : Red Hat (string)

product : OpenShift Serverless (string)

packageName : openshift-serverless-1/serving-controller-rhel8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

12 : { »

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

vendor : Red Hat (string)

product : OpenShift Serverless (string)

packageName : openshift-serverless-1/serving-queue-rhel8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

13 : { »

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

vendor : Red Hat (string)

product : OpenShift Serverless (string)

packageName : openshift-serverless-1/serving-storage-version-migration-rhel8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

14 : { »

cpes : [ »

0 : cpe:/a:redhat:serverless:1 (string)

]

vendor : Red Hat (string)

product : OpenShift Serverless (string)

packageName : openshift-serverless-1/serving-webhook-rhel8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

15 : { »

cpes : [ »

0 : cpe:/a:redhat:hybrid_cloud_gateway:1::el9 (string)

]

vendor : Red Hat (string)

product : Red Hat Connectivity Link (string)

packageName : rhcl-operator-bundle-container (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

16 : { »

cpes : [ »

0 : cpe:/a:redhat:hybrid_cloud_gateway:1::el9 (string)

]

vendor : Red Hat (string)

product : Red Hat Connectivity Link (string)

packageName : rhcl-operator-container (string)

collectionURL : https://catalog.redhat.com/software/containers/ (string)

defaultStatus : affected (string)

}

17 : { »

cpes : [ »

0 : cpe:/a:redhat:openshift:4 (string)

]

vendor : Red Hat (string)

product : Red Hat OpenShift Container Platform 4 (string)

packageName : openshift4/ose-agent-installer-api-server-rhel8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

18 : { »

cpes : [ »

0 : cpe:/a:redhat:openshift:4 (string)

]

vendor : Red Hat (string)

product : Red Hat OpenShift Container Platform 4 (string)

packageName : openshift4/ose-contour-rhel8 (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

19 : { »

cpes : [ »

0 : cpe:/a:redhat:openshift_data_foundation:4 (string)

]

vendor : Red Hat (string)

product : Red Hat Openshift Data Foundation 4 (string)

packageName : odf4/rook-ceph-rhel8-operator (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

20 : { »

cpes : [ »

0 : cpe:/a:redhat:openshift_gitops:1 (string)

]

vendor : Red Hat (string)

product : Red Hat OpenShift GitOps (string)

packageName : openshift-gitops-1/gitops-rhel8-operator (string)

collectionURL : https://access.redhat.com/downloads/content/package-browser/ (string)

defaultStatus : affected (string)

}

]

timeline : [ »

0 : { »

lang : en (string)

time : 2024-11-21T23:00:43.367021+00:00 (string)

value : Reported to Red Hat. (string)

}

1 : { »

lang : en (string)

time : 2024-11-21T19:52:52+00:00 (string)

value : Made public. (string)

}

]

datePublic : 2024-11-21T19:52:52.000Z (string)

references : [ »

0 : { »

url : https://access.redhat.com/security/cve/CVE-2024-12401 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_REDHAT (string)

]

}

1 : { »

url : https://bugzilla.redhat.com/show_bug.cgi?id=2327929 (string)

name : RHBZ#2327929 (string)

tags : [ »

0 : issue-tracking (string)

1 : x_refsource_REDHAT (string)

]

}

2 : { »

url : https://github.com/cert-manager/cert-manager/pull/7400 (string)

}

3 : { »

url : https://github.com/cert-manager/cert-manager/pull/7401 (string)

}

4 : { »

url : https://github.com/cert-manager/cert-manager/pull/7402 (string)

}

5 : { »

url : https://github.com/cert-manager/cert-manager/pull/7403 (string)

}

6 : { »

url : https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4 (string)

}

7 : { »

url : https://go.dev/issue/50116 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-20 (string)

description : Improper Input Validation (string)

}

]

}

]

providerMetadata : { »

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

dateUpdated : 2025-03-15T05:58:20.676Z (string)

}

x_redhatCweChain : CWE-20: Improper Input Validation (string)

}

cveMetadata : { »

cveId : CVE-2024-12401 (string)

state : PUBLISHED (string)

dateUpdated : 2025-03-15T05:58:20.676Z (string)

dateReserved : 2024-12-10T13:30:10.806Z (string)

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

datePublished : 2024-12-12T09:06:03.612Z (string)

assignerShortName : redhat (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster."}], "id": "CVE-2024-12401", "lastModified": "2024-12-12T09:15:05.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2024-12-12T09:15:05.790", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-12401"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327929"}, {"source": "secalert@redhat.com", "url": "https://github.com/cert-manager/cert-manager/pull/7400"}, {"source": "secalert@redhat.com", "url": "https://github.com/cert-manager/cert-manager/pull/7401"}, {"source": "secalert@redhat.com", "url": "https://github.com/cert-manager/cert-manager/pull/7402"}, {"source": "secalert@redhat.com", "url": "https://github.com/cert-manager/cert-manager/pull/7403"}, {"source": "secalert@redhat.com", "url": "https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4"}, {"source": "secalert@redhat.com", "url": "https://go.dev/issue/50116"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster. (string)

}

]

id : CVE-2024-12401 (string)

lastModified : 2024-12-12T09:15:05.790 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 4.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 0.7 (number)

impactScore : 3.6 (number)

source : secalert@redhat.com (string)

type : Primary (string)

}

]

}

published : 2024-12-12T09:15:05.790 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : https://access.redhat.com/security/cve/CVE-2024-12401 (string)

}

1 : { »

source : secalert@redhat.com (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2327929 (string)

}

2 : { »

source : secalert@redhat.com (string)

url : https://github.com/cert-manager/cert-manager/pull/7400 (string)

}

3 : { »

source : secalert@redhat.com (string)

url : https://github.com/cert-manager/cert-manager/pull/7401 (string)

}

4 : { »

source : secalert@redhat.com (string)

url : https://github.com/cert-manager/cert-manager/pull/7402 (string)

}

5 : { »

source : secalert@redhat.com (string)

url : https://github.com/cert-manager/cert-manager/pull/7403 (string)

}

6 : { »

source : secalert@redhat.com (string)

url : https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4 (string)

}

7 : { »

source : secalert@redhat.com (string)

url : https://go.dev/issue/50116 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Received (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : secalert@redhat.com (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "cert-manager: potential DoS when parsing specially crafted PEM inputs", "id": "2327929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327929"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.", "A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster."], "name": "CVE-2024-12401", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Fix deferred", "package_name": "cert-manager/cert-manager-operator-bundle", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Fix deferred", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Fix deferred", "package_name": "cert-manager/jetstack-cert-manager-acmesolver-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Fix deferred", "package_name": "cert-manager/jetstack-cert-manager-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cryostat:3", "fix_state": "Fix deferred", "package_name": "cryostat-tech-preview/cryostat-rhel8-operator", "product_name": "Cryostat 3"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/assisted-service-8-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/assisted-service-9-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "package_name": "openshift-serverless-1/serving-activator-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "package_name": "openshift-serverless-1/serving-autoscaler-hpa-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "package_name": "openshift-serverless-1/serving-autoscaler-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "package_name": "openshift-serverless-1/serving-controller-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "package_name": "openshift-serverless-1/serving-queue-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "package_name": "openshift-serverless-1/serving-storage-version-migration-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "package_name": "openshift-serverless-1/serving-webhook-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:hybrid_cloud_gateway:1::el9", "fix_state": "Fix deferred", "package_name": "rhcl-operator-bundle-container", "product_name": "Red Hat Connectivity Link"}, {"cpe": "cpe:/a:redhat:hybrid_cloud_gateway:1::el9", "fix_state": "Fix deferred", "package_name": "rhcl-operator-container", "product_name": "Red Hat Connectivity Link"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-agent-installer-api-server-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-contour-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Fix deferred", "package_name": "openshift-gitops-1/gitops-rhel8-operator", "product_name": "Red Hat OpenShift GitOps"}], "public_date": "2024-11-21T19:52:52Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-12401\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-12401\nhttps://github.com/cert-manager/cert-manager/pull/7400\nhttps://github.com/cert-manager/cert-manager/pull/7401\nhttps://github.com/cert-manager/cert-manager/pull/7402\nhttps://github.com/cert-manager/cert-manager/pull/7403\nhttps://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4\nhttps://go.dev/issue/50116"], "threat_severity": "Low"}

{

bugzilla : { »

description : cert-manager: potential DoS when parsing specially crafted PEM inputs (string)

id : 2327929 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2327929 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 4.4 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H (string)

status : draft (string)

}

cwe : CWE-20 (string)

details : [ »

0 : A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster. (string)

1 : A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster. (string)

]

name : CVE-2024-12401 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:cert_manager:1 (string)

fix_state : Fix deferred (string)

package_name : cert-manager/cert-manager-operator-bundle (string)

product_name : cert-manager Operator for Red Hat OpenShift (string)

}

1 : { »

cpe : cpe:/a:redhat:cert_manager:1 (string)

fix_state : Fix deferred (string)

package_name : cert-manager/cert-manager-operator-rhel9 (string)

product_name : cert-manager Operator for Red Hat OpenShift (string)

}

2 : { »

cpe : cpe:/a:redhat:cert_manager:1 (string)

fix_state : Fix deferred (string)

package_name : cert-manager/jetstack-cert-manager-acmesolver-rhel9 (string)

product_name : cert-manager Operator for Red Hat OpenShift (string)

}

3 : { »

cpe : cpe:/a:redhat:cert_manager:1 (string)

fix_state : Fix deferred (string)

package_name : cert-manager/jetstack-cert-manager-rhel9 (string)

product_name : cert-manager Operator for Red Hat OpenShift (string)

}

4 : { »

cpe : cpe:/a:redhat:cryostat:3 (string)

fix_state : Fix deferred (string)

package_name : cryostat-tech-preview/cryostat-rhel8-operator (string)

product_name : Cryostat 3 (string)

}

5 : { »

cpe : cpe:/a:redhat:multicluster_engine (string)

fix_state : Fix deferred (string)

package_name : multicluster-engine/assisted-service-8-rhel8 (string)

product_name : Multicluster Engine for Kubernetes (string)

}

6 : { »

cpe : cpe:/a:redhat:multicluster_engine (string)

fix_state : Fix deferred (string)

package_name : multicluster-engine/assisted-service-9-rhel9 (string)

product_name : Multicluster Engine for Kubernetes (string)

}

7 : { »

cpe : cpe:/a:redhat:serverless:1 (string)

fix_state : Fix deferred (string)

package_name : openshift-serverless-1/serving-activator-rhel8 (string)

product_name : OpenShift Serverless (string)

}

8 : { »

cpe : cpe:/a:redhat:serverless:1 (string)

fix_state : Fix deferred (string)

package_name : openshift-serverless-1/serving-autoscaler-hpa-rhel8 (string)

product_name : OpenShift Serverless (string)

}

9 : { »

cpe : cpe:/a:redhat:serverless:1 (string)

fix_state : Fix deferred (string)

package_name : openshift-serverless-1/serving-autoscaler-rhel8 (string)

product_name : OpenShift Serverless (string)

}

10 : { »

cpe : cpe:/a:redhat:serverless:1 (string)

fix_state : Fix deferred (string)

package_name : openshift-serverless-1/serving-controller-rhel8 (string)

product_name : OpenShift Serverless (string)

}

11 : { »

cpe : cpe:/a:redhat:serverless:1 (string)

fix_state : Fix deferred (string)

package_name : openshift-serverless-1/serving-queue-rhel8 (string)

product_name : OpenShift Serverless (string)

}

12 : { »

cpe : cpe:/a:redhat:serverless:1 (string)

fix_state : Fix deferred (string)

package_name : openshift-serverless-1/serving-storage-version-migration-rhel8 (string)

product_name : OpenShift Serverless (string)

}

13 : { »

cpe : cpe:/a:redhat:serverless:1 (string)

fix_state : Fix deferred (string)

package_name : openshift-serverless-1/serving-webhook-rhel8 (string)

product_name : OpenShift Serverless (string)

}

14 : { »

cpe : cpe:/a:redhat:hybrid_cloud_gateway:1::el9 (string)

fix_state : Fix deferred (string)

package_name : rhcl-operator-bundle-container (string)

product_name : Red Hat Connectivity Link (string)

}

15 : { »

cpe : cpe:/a:redhat:hybrid_cloud_gateway:1::el9 (string)

fix_state : Fix deferred (string)

package_name : rhcl-operator-container (string)

product_name : Red Hat Connectivity Link (string)

}

16 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Fix deferred (string)

package_name : openshift4/ose-agent-installer-api-server-rhel8 (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

17 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Fix deferred (string)

package_name : openshift4/ose-contour-rhel8 (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

18 : { »

cpe : cpe:/a:redhat:openshift_data_foundation:4 (string)

fix_state : Fix deferred (string)

package_name : odf4/rook-ceph-rhel8-operator (string)

product_name : Red Hat Openshift Data Foundation 4 (string)

}

19 : { »

cpe : cpe:/a:redhat:openshift_gitops:1 (string)

fix_state : Fix deferred (string)

package_name : openshift-gitops-1/gitops-rhel8-operator (string)

product_name : Red Hat OpenShift GitOps (string)

}

]

public_date : 2024-11-21T19:52:52Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-12401 https://nvd.nist.gov/vuln/detail/CVE-2024-12401 https://github.com/cert-manager/cert-manager/pull/7400 https://github.com/cert-manager/cert-manager/pull/7401 https://github.com/cert-manager/cert-manager/pull/7402 https://github.com/cert-manager/cert-manager/pull/7403 https://github.com/cert-manager/cert-manager/security/advisories/GHSA-r4pg-vg54-wxx4 https://go.dev/issue/50116 (string)

]

threat_severity : Low (string)

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object