CVE-2024-12401

Published: Dec 12, 2024

Modified: Mar 27, 2026

PUBLISHED

CVSS v3.1

4.4

MEDIUM

Description

A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster.

Vendor	Product	Versions
Unknown	cert-manager	affected `0 - <= 1.12.14` affected `1.13.0-alpha.0 - <= 1.15.4` affected `1.16.0-alpha.0 - <= 1.16.2`
Red Hat	cert-manager Operator for Red Hat OpenShift	All versions
Red Hat	cert-manager Operator for Red Hat OpenShift	All versions
Red Hat	cert-manager Operator for Red Hat OpenShift	All versions
Red Hat	cert-manager Operator for Red Hat OpenShift	All versions
Red Hat	Cryostat 3	All versions
Red Hat	Multicluster Engine for Kubernetes	All versions
Red Hat	Multicluster Engine for Kubernetes	All versions
Red Hat	OpenShift Serverless	All versions
Red Hat	OpenShift Serverless	All versions
Red Hat	OpenShift Serverless	All versions
Red Hat	OpenShift Serverless	All versions
Red Hat	OpenShift Serverless	All versions
Red Hat	OpenShift Serverless	All versions
Red Hat	OpenShift Serverless	All versions
Red Hat	Red Hat Connectivity Link 1	All versions
Red Hat	Red Hat Connectivity Link 1	All versions
Red Hat	Red Hat OpenShift Container Platform 4	All versions
Red Hat	Red Hat OpenShift Container Platform 4	All versions
Red Hat	Red Hat Openshift Data Foundation 4	All versions
Red Hat	Red Hat OpenShift GitOps	All versions