Filtered by vendor Kubernetes
Subscriptions
Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3172 | 2 Kubernetes, Redhat | 3 Apiserver, Openshift, Openshift Data Foundation | 2024-08-03 | 5.1 Medium |
| A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties. | ||||
| CVE-2022-2995 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2024-08-03 | 7.1 High |
| Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||
| CVE-2022-1708 | 3 Fedoraproject, Kubernetes, Redhat | 5 Fedora, Cri-o, Enterprise Linux and 2 more | 2024-08-03 | 7.5 High |
| A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. | ||||
| CVE-2022-0811 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2024-08-02 | 8.8 High |
| A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed. | ||||
| CVE-2022-0532 | 2 Kubernetes, Redhat | 3 Cri-o, Openshift, Openshift Container Platform | 2024-08-02 | 4.2 Medium |
| An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. | ||||
| CVE-2023-5043 | 1 Kubernetes | 1 Ingress-nginx | 2024-08-02 | 7.6 High |
| Ingress nginx annotation injection causes arbitrary command execution. | ||||
| CVE-2023-3893 | 1 Kubernetes | 1 Csi Proxy | 2024-08-02 | 8.8 High |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy. | ||||
| CVE-2023-3676 | 3 Kubernetes, Microsoft, Redhat | 3 Kubernetes, Windows, Openshift | 2024-08-02 | 8.8 High |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | ||||
| CVE-2023-2878 | 1 Kubernetes | 1 Secrets-store-csi-driver | 2024-08-02 | 6.5 Medium |
| Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | ||||
| CVE-2023-2727 | 2 Kubernetes, Redhat | 3 Kubernetes, Openshift, Openshift Ironic | 2024-08-02 | 6.5 Medium |
| Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | ||||
| CVE-2023-2728 | 2 Kubernetes, Redhat | 3 Kubernetes, Openshift, Openshift Ironic | 2024-08-02 | 6.5 Medium |
| Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. | ||||
| CVE-2023-2431 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-08-02 | 3.4 Low |
| A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | ||||
| CVE-2023-1944 | 1 Kubernetes | 1 Minikube | 2024-08-02 | 8.4 High |
| This vulnerability enables ssh access to minikube container using a default password. | ||||
| CVE-2023-1260 | 2 Kubernetes, Redhat | 4 Kube-apiserver, Openshift, Openshift Container Platform and 1 more | 2024-08-02 | 8 High |
| An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | ||||
| CVE-2023-1174 | 2 Apple, Kubernetes | 2 Macos, Minikube | 2024-08-02 | 9.8 Critical |
| This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | ||||
| CVE-2024-31990 | 2 Kubernetes, Redhat | 2 Argo-cd, Openshift Gitops | 2024-08-02 | 4.8 Medium |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16. | ||||