AZL-54313

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54313.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-54313

Upstream

CVE-2024-12401

Published

2024-12-12T09:15:05Z

Modified

2026-04-21T04:35:32.221477Z

Severity

4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-12401 affecting package cert-manager for versions less than 1.11.2-18

Details

A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-12401

Affected packages

Azure Linux:2 / cert-manager

Package

Name: cert-manager
Purl: pkg:rpm/azure-linux/cert-manager

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.2-18

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54313.json"