Filtered by vendor Kubernetes
Subscribe
Search
Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25736 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2023-12-21 | N/A | 6.3 MEDIUM |
| Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected. | |||||
| CVE-2020-8554 | 2 Kubernetes, Oracle | 4 Kubernetes, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 1 more | 2022-05-12 | 6.0 MEDIUM | 5.0 MEDIUM |
| Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. | |||||
| CVE-2022-27652 | 4 Fedoraproject, Kubernetes, Mobyproject and 1 more | 4 Fedora, Cri-o, Moby and 1 more | 2022-04-27 | 4.6 MEDIUM | 5.3 MEDIUM |
| A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | |||||
| CVE-2022-0532 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift Container Platform | 2022-02-22 | 4.9 MEDIUM | 4.2 MEDIUM |
| An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. | |||||
| CVE-2020-8561 | 1 Kubernetes | 1 Kubernetes | 2021-11-06 | 4.0 MEDIUM | 4.1 MEDIUM |
| A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs. | |||||
| CVE-2021-25738 | 1 Kubernetes | 1 Java | 2021-10-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. | |||||
| CVE-2021-25737 | 1 Kubernetes | 1 Kubernetes | 2021-10-07 | 4.9 MEDIUM | 4.8 MEDIUM |
| A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. | |||||
| CVE-2021-25735 | 1 Kubernetes | 1 Kubernetes | 2021-09-13 | 5.5 MEDIUM | 6.5 MEDIUM |
| A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields. | |||||
| CVE-2020-8555 | 1 Kubernetes | 1 Kubernetes | 2021-05-04 | 3.5 LOW | 6.3 MEDIUM |
| The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). | |||||
| CVE-2020-8563 | 1 Kubernetes | 1 Kubernetes | 2021-03-29 | 2.1 LOW | 5.5 MEDIUM |
| In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3. | |||||
| CVE-2020-8564 | 1 Kubernetes | 1 Kubernetes | 2021-03-29 | 2.1 LOW | 5.5 MEDIUM |
| In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13. | |||||
| CVE-2020-8566 | 1 Kubernetes | 1 Kubernetes | 2021-03-29 | 2.1 LOW | 5.5 MEDIUM |
| In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13. | |||||
| CVE-2020-8569 | 1 Kubernetes | 1 Container Storage Interface Snapshotter | 2021-02-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability. When exploited, users can’t take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected. | |||||
| CVE-2020-8568 | 1 Kubernetes | 1 Secrets Store Csi Driver | 2021-01-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets. | |||||
| CVE-2020-8565 | 1 Kubernetes | 1 Kubernetes | 2020-12-08 | 2.1 LOW | 5.5 MEDIUM |
| In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. | |||||
| CVE-2019-11250 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2020-10-16 | 3.5 LOW | 6.5 MEDIUM |
| The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. | |||||
| CVE-2019-11254 | 1 Kubernetes | 1 Kubernetes | 2020-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. | |||||
| CVE-2019-11249 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2020-10-02 | 5.8 MEDIUM | 6.5 MEDIUM |
| The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. | |||||
| CVE-2019-11246 | 1 Kubernetes | 1 Kubernetes | 2020-10-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11. | |||||
| CVE-2019-11244 | 3 Kubernetes, Netapp, Redhat | 3 Kubernetes, Trident, Openshift Container Platform | 2020-10-02 | 1.9 LOW | 5.0 MEDIUM |
| In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation. | |||||
| CVE-2019-1002100 | 1 Kubernetes | 1 Kubernetes | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server. | |||||
| CVE-2020-8557 | 1 Kubernetes | 1 Kubernetes | 2020-08-21 | 2.1 LOW | 5.5 MEDIUM |
| The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. | |||||
| CVE-2020-8559 | 1 Kubernetes | 1 Kubernetes | 2020-08-10 | 6.0 MEDIUM | 6.8 MEDIUM |
| The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. | |||||
| CVE-2019-11255 | 2 Kubernetes, Redhat | 4 External-provisioner, External-resizer, External-snapshotter and 1 more | 2020-08-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. | |||||
| CVE-2020-8553 | 1 Kubernetes | 1 Ingress-nginx | 2020-08-04 | 4.9 MEDIUM | 5.9 MEDIUM |
| The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name. | |||||
| CVE-2019-11252 | 1 Kubernetes | 1 Kubernetes | 2020-07-28 | 5.0 MEDIUM | 6.5 MEDIUM |
| The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. | |||||
| CVE-2020-8551 | 1 Kubernetes | 1 Kubernetes | 2020-07-24 | 3.3 LOW | 6.5 MEDIUM |
| The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. | |||||
| CVE-2020-8552 | 1 Kubernetes | 1 Kubernetes | 2020-07-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. | |||||
| CVE-2019-14891 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Cri-o, Openshift Container Platform | 2020-02-28 | 6.0 MEDIUM | 5.0 MEDIUM |
| A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host. | |||||
| CVE-2019-1002101 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2020-02-10 | 5.8 MEDIUM | 5.5 MEDIUM |
| The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0. | |||||
| CVE-2019-11251 | 1 Kubernetes | 1 Kubernetes | 2020-02-06 | 4.3 MEDIUM | 5.7 MEDIUM |
| The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree. | |||||
| CVE-2018-1002104 | 1 Kubernetes | 1 Nginx Ingress Controller | 2020-01-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. | |||||
| CVE-2019-10223 | 3 Kubernetes, Linux, Redhat | 3 Kube-state-metrics, Linux Kernel, Openshift Container Platform | 2019-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible. | |||||
| CVE-2018-1002100 | 1 Kubernetes | 1 Kubernetes | 2019-10-09 | 3.6 LOW | 5.5 MEDIUM |
| In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | |||||
| CVE-2017-1002102 | 1 Kubernetes | 1 Kubernetes | 2019-10-09 | 6.3 MEDIUM | 5.6 MEDIUM |
| In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running. | |||||
| CVE-2017-1002100 | 1 Kubernetes | 1 Kubernetes | 2017-09-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. | |||||
| CVE-2015-7528 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2016-06-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | |||||