Latest kubernetes kubernetes Vulnerabilities

CVE-2023-5528
Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation
Kubernetes Kubernetes>=1.8.0<1.25.16
Kubernetes Kubernetes>=1.26.0<1.26.11
Kubernetes Kubernetes>=1.27.0<1.27.8
Kubernetes Kubernetes>=1.28.0<1.28.4
Fedoraproject Fedora=37
Fedoraproject Fedora=38
and 9 more
CVE-2021-25736
Windows kube-proxy LoadBalancer contention
go/k8s.io/kubernetes<1.21
Kubernetes Kubernetes>=1.18.0<1.18.18
Kubernetes Kubernetes>=1.19.0<1.19.10
Kubernetes Kubernetes>=1.20.0<1.20.6
Microsoft Windows
CVE-2023-3955
Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
go/k8s.io/kubernetes<1.24.17
go/k8s.io/kubernetes>=1.25.0<1.25.13
go/k8s.io/kubernetes>=1.26.0<1.26.8
go/k8s.io/kubernetes>=1.27.0<1.27.5
go/k8s.io/kubernetes=1.28.0
Kubernetes Kubernetes<1.24.17
and 11 more
CVE-2023-3676
Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
go/k8s.io/kubernetes<1.24.17
go/k8s.io/kubernetes>=1.25.0<1.25.13
go/k8s.io/kubernetes>=1.26.0<1.26.8
go/k8s.io/kubernetes>=1.27.0<1.27.5
go/k8s.io/kubernetes=1.28.0
Kubernetes Kubernetes<1.24.17
and 11 more
CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected...
Kubernetes Kubernetes<1.24.14
Kubernetes Kubernetes>=1.25.0<1.25.10
Kubernetes Kubernetes>=1.26.0<1.26.5
Kubernetes Kubernetes>=1.27.0<1.27.2
Fedoraproject Fedora=38
CVE-2023-2728
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemera...
Kubernetes Kubernetes<=1.24.14
Kubernetes Kubernetes>=1.25.0<=1.25.10
Kubernetes Kubernetes>=1.26.0<=1.26.5
Kubernetes Kubernetes>=1.27.0<=1.27.2
redhat/kube-apiserver<1.27.3
redhat/kube-apiserver<1.26.6
and 2 more
CVE-2023-2727
A security issue was discovered in Kubernetes where users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters ...
Kubernetes Kubernetes<=1.24.14
Kubernetes Kubernetes>=1.25.0<=1.25.10
Kubernetes Kubernetes>=1.26.0<=1.26.5
Kubernetes Kubernetes>=1.27.0<=1.27.2
redhat/kube-apiserver<1.27.3
redhat/kube-apiserver<1.26.6
and 2 more
CVE-2022-3294
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes s...
go/github.com/kubernetes/kubernetes>=1.22.0<1.22.16
go/github.com/kubernetes/kubernetes>=1.23.0<1.23.14
go/github.com/kubernetes/kubernetes>=1.24.0<1.24.8
go/github.com/kubernetes/kubernetes>=1.25.0<1.25.4
Kubernetes Kubernetes<1.22.16
Kubernetes Kubernetes>=1.23.0<1.23.14
and 2 more
CVE-2022-3162
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted b...
redhat/openshift<0:4.12.0-202301042257.p0.g77bec7a.assembly.stream.el9
redhat/microshift<0:4.12.4-202302151633.p0.gb9fe8ac.assembly.4.12.4.el8
Kubernetes Kubernetes<=1.22.15
Kubernetes Kubernetes>=1.23.0<=1.23.13
Kubernetes Kubernetes>=1.24.0<=1.24.7
Kubernetes Kubernetes>=1.25.0<=1.25.3
CVE-2021-25749
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
Kubernetes Kubernetes>=1.24.0<1.24.5
Kubernetes Kubernetes>=1.23.0<1.23.11
Kubernetes Kubernetes>=1.22.0<1.22.14
Kubernetes Kubernetes>=1.20.0<=1.21.0
redhat/kubelet<1.22.14
redhat/kubelet<1.23.11
and 2 more
CVE-2020-8562
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Servic...
Kubernetes Kubernetes<=1.18.18
Kubernetes Kubernetes>=1.19.0<=1.19.10
Kubernetes Kubernetes>=1.20.0<=1.20.6
Kubernetes Kubernetes=1.21.0
CVE-2021-25743
kubectl (k8s.io/kubernetes/pkg/kubectl) does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured s...
go/k8s.io/kubernetes<1.26.0-alpha.3
Kubernetes Kubernetes<=1.18.0
CVE-2021-25740
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
Kubernetes Kubernetes
CVE-2020-8561
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver req...
Kubernetes Kubernetes=1.20.11
Kubernetes Kubernetes=1.21.5
Kubernetes Kubernetes=1.22.2
CVE-2021-25741
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host files...
Kubernetes Kubernetes<=1.19.14
Kubernetes Kubernetes>=1.20.0<=1.20.10
Kubernetes Kubernetes>=1.21.0<=1.21.4
Kubernetes Kubernetes>=1.22.0<=1.22.1
CVE-2021-25737
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or l...
Kubernetes Kubernetes>=1.16.0<1.18.19
Kubernetes Kubernetes>=1.19.0<1.19.10
Kubernetes Kubernetes>=1.20.0<1.20.7
Kubernetes Kubernetes=1.21.0
redhat/openshift<0:4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el8
CVE-2021-25735
A vulnerability in Kubernetes `kube-apiserver` could allow node updates to bypass a _Validating Admission Webhook_ and allow unauthorized node updates. The information that is provided to the admissio...
go/k8s.io/kubernetes<=1.18.17
go/k8s.io/kubernetes>=1.19.0<=1.19.9
go/k8s.io/kubernetes>=1.20.0<=1.20.5
redhat/kubernetes<1.21.0
redhat/kubernetes<1.20.6
redhat/kubernetes<1.19.10
and 5 more
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker...
redhat/atomic-openshift<0:3.11.374-1.git.0.ebd3ee9.el7
Kubernetes Kubernetes
Oracle Communications Cloud Native Core Network Slice Selection Function=1.2.1
Oracle Communications Cloud Native Core Policy=1.15.0
Oracle Communications Cloud Native Core Service Communication Proxy=1.14.0
CVE-2020-8566
A flaw was found in kubernetes. If the logging level is to at least 4, and Ceph RBD is configured as a storage provisioner, then Ceph RBD admin secrets can be written to logs. This occurs in kube-cont...
redhat/openshift<0:4.7.0-202102060108.p0.git.97095.7271b90.el8
Kubernetes Kubernetes>=1.17.0<1.17.13
Kubernetes Kubernetes>=1.18.0<1.18.10
Kubernetes Kubernetes>=1.19.0<1.19.3
redhat/kubernetes<1.19.3
redhat/kubernetes<1.18.10
and 4 more
CVE-2020-8565
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This...
go/k8s.io/client-go<0.17.16
go/k8s.io/client-go>=0.18.0<0.18.14
go/k8s.io/client-go>=0.20.0-alpha.0<0.20.0-alpha.2
go/k8s.io/client-go>=0.19.0<0.19.6
redhat/kubernetes<1.20.0
redhat/kubernetes<1.19.6
and 6 more
CVE-2020-8564
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets...
go/k8s.io/kubernetes<1.20.0-alpha.1
go/github.com/kubernetes/kubernetes<1.17.13
go/github.com/kubernetes/kubernetes>=1.18.0<1.18.10
go/github.com/kubernetes/kubernetes>=1.19.0<1.19.3
redhat/kubernetes<1.19.3
redhat/kubernetes<1.18.10
and 7 more
CVE-2020-8563
A flaw was found in kubernetes. Clusters running on VSphere, using VSphere as a cloud provider a with logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller ...
redhat/openshift<0:4.6.0-202012051246.p0.git.94231.efc9027.el8
Kubernetes Kubernetes<1.19.3
redhat/kubernetes<1.19.3
go/github.com/kubernetes/kubernetes<1.19.3
CVE-2019-11252
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.
Kubernetes Kubernetes>=1.0.0<=1.17.0
CVE-2020-8559
A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromise...
redhat/atomic-openshift<0:3.11.346-1.git.0.ea10721.el7
redhat/openshift<0:4.4.0-202012052258.p0.git.0.0fd57a4.el7
redhat/openshift<0:4.6.0-202010022112.p0.git.94033.ef41184.el7
Kubernetes Kubernetes>=1.6.0<=1.15.0
Kubernetes Kubernetes>=1.16.0<1.16.13
Kubernetes Kubernetes>=1.17.0<1.17.9
and 7 more
CVE-2020-8558
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound...
redhat/atomic-openshift<0:3.11.248-1.git.0.92ee8ac.el7
redhat/openshift<0:4.3.31-202007280738.p0.git.0.9884401.el7
redhat/openshift<0:4.4.0-202007090832.p0.git.0.bc32fb1.el8
redhat/openshift<0:4.5.0-202007012112.p0.git.0.582d7fc.el7
Kubernetes Kubernetes>=1.1.0<=1.16.10
Kubernetes Kubernetes>=1.17.0<=1.17.6
and 1 more
CVE-2020-8557
A flaw was found in Kubernetes, where the amount of disk space the /etc/hosts file can use is unconstrained . This flaw can allow attacker-controlled pods to cause a denial of service if they have per...
redhat/atomic-openshift<0:3.11.542-1.git.0.f2fd300.el7
redhat/openshift<0:4.3.37-202009120213.p0.git.0.dffefe4.el8
redhat/openshift<0:4.4.0-202008250319.p0.git.0.d653415.el8
redhat/openshift<0:4.5.0-202008130146.p0.git.0.aaf1d57.el8
Kubernetes Kubernetes<1.16.13
Kubernetes Kubernetes>=1.17.0<1.17.9
and 8 more
CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certa...
go/k8s.io/kubernetes<1.15.12
go/k8s.io/kubernetes>=1.16.0<1.16.9
go/k8s.io/kubernetes>=1.17.0<1.17.4
go/k8s.io/kubernetes>=1.18.0<1.18.1
redhat/kube-controller-manager<1.18.1
redhat/kube-controller-manager<1.17.5
and 10 more
CVE-2020-8551
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP ...
Kubernetes Kubernetes>=1.15.0<=1.15.9
Kubernetes Kubernetes>=1.16.0<=1.16.6
Kubernetes Kubernetes>=1.17.0<=1.17.2
Fedoraproject Fedora=32
CVE-2019-11254
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to co...
Kubernetes Kubernetes<1.15.10
Kubernetes Kubernetes>=1.16.0<1.16.7
Kubernetes Kubernetes>=1.17.0<1.17.3
redhat/atomic-openshift<0:3.11.232-1.git.0.a5bc32f.el7
redhat/openshift<0:4.5.0-202007012112.p0.git.0.582d7fc.el8
CVE-2020-8552
A denial of service vulnerability was found in the Kubernetes API server. This flaw allows a remote attacker to send repeated, crafted HTTP requests to exhaust available memory and cause a crash.
redhat/atomic-enterprise-service-catalog<1:3.11.219-1.git.1.717017c.el7
redhat/atomic-openshift<0:3.11.219-1.git.0.0c21387.el7
redhat/atomic-openshift-cluster-autoscaler<0:3.11.219-1.git.1.1ad3e34.el7
redhat/atomic-openshift-descheduler<0:3.11.219-1.git.1.7e5b9ee.el7
redhat/atomic-openshift-dockerregistry<0:3.11.219-1.git.1.8323991.el7
redhat/atomic-openshift-metrics-server<0:3.11.219-1.git.1.6fe54fb.el7
and 19 more
CVE-2018-1002102
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbit...
Kubernetes Kubernetes>=1.10.0<=1.13.13
Kubernetes Kubernetes=1.14.0-alpha0
Kubernetes Kubernetes=1.14.0-alpha1
Fedoraproject Fedora=31
redhat/atomic-openshift<0:3.11.346-1.git.0.ea10721.el7
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloa...
redhat/jaeger<0:v1.13.1.redhat5-1.el7
redhat/jaeger-operator<0:v1.13.1.redhat8-1.el7
redhat/kiali<0:v1.0.7.redhat1-1.el7
redhat/servicemesh<0:1.0.2-3.el8
redhat/servicemesh-cni<0:1.0.2-3.el8
redhat/servicemesh-grafana<0:6.2.2-24.el8
and 25 more
CVE-2019-11251
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place ...
redhat/atomic-openshift<0:3.11.154-1.git.0.7a097ad.el7
redhat/atomic-openshift<0:3.9.102-1.git.0.6411f52.el7
redhat/openshift<0:4.1.21-201910220952.git.0.493dbf6.el7
Kubernetes Kubernetes>=1.13.0<1.13.11
Kubernetes Kubernetes>=1.14.0<1.14.7
Kubernetes Kubernetes>=1.15.0<1.15.4
and 4 more
CVE-2019-11246
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over th...
Kubernetes Kubernetes>=1.0.0<=1.12.10
Kubernetes Kubernetes>=1.13.0<1.13.9
Kubernetes Kubernetes>=1.14.0<1.14.5
Kubernetes Kubernetes>=1.15.0<1.15.2
Kubernetes Kubernetes=1.12.11-beta0
CVE-2019-11248
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially ...
Kubernetes Kubernetes<1.12.10
Kubernetes Kubernetes=1.13.0
Kubernetes Kubernetes=1.13.0-alpha0
Kubernetes Kubernetes=1.13.0-alpha1
Kubernetes Kubernetes=1.13.0-alpha2
Kubernetes Kubernetes=1.13.0-alpha3
and 44 more
CVE-2019-11250
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as...
go/k8s.io/kubernetes<1.16.0-beta.1
go/k8s.io/client-go<0.17.0
redhat/atomic-openshift<0:3.11.157-1.git.0.dfe38da.el7
redhat/openshift<0:4.1.27-201912021146.git.0.a40116f.el7
Kubernetes Kubernetes<1.15.3
Kubernetes Kubernetes=1.15.3
and 8 more
CVE-2019-11249
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over th...
redhat/kubernetes<1.13.9
redhat/kubernetes<1.14.5
redhat/kubernetes<1.15.2
redhat/kubernetes<1.16.0
redhat/atomic-openshift<0:3.10.181-1.git.0.3ab4b3d.el7
redhat/ansible-service-broker<1:1.3.23-2.el7
and 14 more
CVE-2019-11247
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this m...
go/k8s.io/apiextensions-apiserver>=0.15.0<0.15.2
go/k8s.io/apiextensions-apiserver>=0.14.0<0.14.5
go/k8s.io/apiextensions-apiserver>=0.7.0<0.13.9
redhat/kubernetes<1.13.9
redhat/kubernetes<1.14.5
redhat/kubernetes<1.15.2
and 34 more
CVE-2019-11245
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit `runAsUser` attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. ...
Kubernetes Kubernetes=1.13.6
Kubernetes Kubernetes=1.14.2
go/k8s.io/kubernetes/cmd/kubelet>=1.13.0<1.13.7
go/k8s.io/kubernetes/cmd/kubelet>=1.14.0<1.14.3
redhat/kubernetes<1.13.7
redhat/kubernetes<1.14.3
CVE-2019-11244
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by `--cache-dir` (defaulting to `$HOME/.kube/http-cache`), written with world-writeable permissions (`rw-rw-rw-...
go/k8s.io/client-go>=1.8.0<1.12.9
Kubernetes Kubernetes>=1.8.0<=1.14.1
Netapp Trident
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.1
CVE-2019-11243
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certific...
Kubernetes Kubernetes>=1.12.0<=1.12.4
Kubernetes Kubernetes=1.13.0
Netapp Trident
CVE-2019-9946
Cncf Portmap<0.7.5
Kubernetes Kubernetes<1.11.9
Kubernetes Kubernetes>=1.12.0<1.12.7
Kubernetes Kubernetes>=1.13.0<1.13.5
Kubernetes Kubernetes=1.13.6-beta0
Kubernetes Kubernetes=1.14.0-alpha0
and 8 more
CVE-2019-1002101
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kube...
Kubernetes Kubernetes>=1.11.0<1.11.9
Kubernetes Kubernetes>=1.12.0<1.12.7
Kubernetes Kubernetes>=1.13.0<1.13.5
Kubernetes Kubernetes=1.14.0
Redhat Openshift Container Platform=3.9
Redhat Openshift Container Platform=3.10
and 1 more
CVE-2019-1002100
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch"...
go/k8s.io/kubernetes>=1.13.0<=1.13.3
go/k8s.io/kubernetes>=1.12.0<=1.12.5
go/k8s.io/kubernetes>=1.11.0<=1.11.7
go/k8s.io/kubernetes>=1.0<=1.10
redhat/kube-apiserver<1.11.8
redhat/kube-apiserver<1.12.6
and 9 more
CVE-2018-1002101
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injec...
go/k8s.io/kubernetes>=1.11.0<1.11.2
go/k8s.io/kubernetes>=1.10.0<1.10.6
go/k8s.io/kubernetes>=1.9.0<1.9.10
Kubernetes Kubernetes>=1.9.0<=1.9.9
Kubernetes Kubernetes>=1.10.0<=1.10.5
Kubernetes Kubernetes>=1.11.0<=1.11.1
CVE-2018-1002105
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establ...
Kubernetes Kubernetes>=1.0.0<=1.9.11
Kubernetes Kubernetes>=1.10.0<=1.10.10
Kubernetes Kubernetes>=1.11.0<=1.11.4
Kubernetes Kubernetes>=1.12.0<=1.12.2
Kubernetes Kubernetes=1.9.12-beta0
Redhat Openshift Container Platform=3.2
and 8 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203