Filtered by vendor Kubernetes
Subscriptions
Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1002100 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-09-16 | N/A |
| In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | ||||
| CVE-2023-5044 | 1 Kubernetes | 1 Ingress-nginx | 2024-09-10 | 7.6 High |
| Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | ||||
| CVE-2023-5528 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-09-06 | 7.2 High |
| A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. | ||||
| CVE-2015-7561 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-06 | N/A |
| Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | ||||
| CVE-2015-7528 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-06 | N/A |
| Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | ||||
| CVE-2016-7075 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-06 | N/A |
| It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. | ||||
| CVE-2016-1905 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-05 | N/A |
| The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | ||||
| CVE-2016-1906 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-05 | N/A |
| Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | ||||
| CVE-2017-1002101 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-05 | N/A |
| In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. | ||||
| CVE-2017-1002102 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-05 | N/A |
| In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running. | ||||
| CVE-2017-1000056 | 1 Kubernetes | 1 Kubernetes | 2024-08-05 | N/A |
| Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. | ||||
| CVE-2018-1002101 | 1 Kubernetes | 1 Kubernetes | 2024-08-05 | N/A |
| In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. | ||||
| CVE-2018-1002105 | 3 Kubernetes, Netapp, Redhat | 4 Kubernetes, Trident, Openshift and 1 more | 2024-08-05 | N/A |
| In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. | ||||
| CVE-2018-1000400 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2024-08-05 | N/A |
| Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9. | ||||
| CVE-2018-18264 | 1 Kubernetes | 1 Dashboard | 2024-08-05 | N/A |
| Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. | ||||
| CVE-2019-1002100 | 2 Kubernetes, Redhat | 3 Kubernetes, Openshift, Openshift Container Platform | 2024-08-05 | 6.5 Medium |
| In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server. | ||||
| CVE-2019-14891 | 3 Fedoraproject, Kubernetes, Redhat | 4 Fedora, Cri-o, Openshift and 1 more | 2024-08-05 | 5.0 Medium |
| A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host. | ||||
| CVE-2019-11244 | 3 Kubernetes, Netapp, Redhat | 4 Kubernetes, Trident, Openshift and 1 more | 2024-08-04 | 5.0 Medium |
| In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation. | ||||
| CVE-2019-11243 | 2 Kubernetes, Netapp | 2 Kubernetes, Trident | 2024-08-04 | 8.1 High |
| In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig() | ||||
| CVE-2019-11251 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-04 | 4.8 Medium |
| The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree. | ||||