Filters

Software

kubernetes kubernetes
56
kubernetes cri-o
9
kubernetes ingress-nginx
8
kubernetes minikube
3
kubernetes java
2
kubernetes apiserver
1
kubernetes aws-iam-authenticator
1
kubernetes container storage interface snapshotter
1
kubernetes continuous deploy
1
kubernetes csi proxy
1
kubernetes dashboard
1
kubernetes external-provisioner
1
kubernetes external-resizer
1
kubernetes external-snapshotter
1
kubernetes kube-apiserver
1
kubernetes kube-state-metrics
1
kubernetes nginx ingress controller
1
kubernetes operations
1
kubernetes secrets store csi driver
1
kubernetes secrets-store-csi-driver
1

go/k8s.io/kubernetesKubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation

high
8.8
First published (updated )
CVE-2023-5528

Kubernetes KubernetesWindows kube-proxy LoadBalancer contention

medium
6.3
First published (updated )
CVE-2021-25736

Kubernetes ingress-nginxIngress-nginx `path` sanitization can be bypassed with `log_format` directive

high
8.8
First published (updated )
CVE-2022-4886

Kubernetes ingress-nginxIngress nginx annotation injection causes arbitrary command execution

high
8.8
First published (updated )
CVE-2023-5043

Kubernetes ingress-nginxCode injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

high
8.8
First published (updated )
CVE-2023-5044

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Kubernetes OperationsPrivilege Escalation in kOps using GCE/GCP Provider in Gossip Mode

high
8.8
First published (updated )
CVE-2023-1943

Kubernetes Csi ProxyKubernetes - csi-proxy - Insufficient input sanitization leads to privilege escalation

high
8.8
First published (updated )
CVE-2023-3893

Kubernetes KubernetesKubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation

high
8.8
First published (updated )
CVE-2023-3955

Kubernetes KubernetesKubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation

high
8.8
First published (updated )
CVE-2023-3676

Kubernetes KubernetesBypass of seccomp profile enforcement

medium
5.5
First published (updated )
CVE-2023-2431

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Kubernetes KubernetesBypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

medium
6.5
First published (updated )
CVE-2023-2728

Kubernetes KubernetesBypassing policies imposed by the ImagePolicyWebhook admission plugin

medium
6.5
First published (updated )
CVE-2023-2727

Kubernetes secrets-store-csi-driverKubernetes secrets-store-csi-driver discloses service account tokens in logs

medium
6.5
First published (updated )
CVE-2023-2878

Kubernetes Minikube[minikube] ssh server with default password

high
8.4
First published (updated )
CVE-2023-1944

go/k8s.io/ingress-nginxIngress-nginx `path` sanitization can be bypassed with newline character

high
7.6
First published (updated )
CVE-2021-25748

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Kubernetes Minikube[minikube] Network Port exposure in minikube running on macOS using Docker driver

critical
9.8
First published (updated )
CVE-2023-1174

redhat/openshiftKube-apiserver: privesc

critical
9.1
First published (updated )
CVE-2023-1260

go/github.com/kubernetes/kubernetesNode address isn't always verified when proxying

high
8.8
First published (updated )
CVE-2022-3294

Redhat Openshift Container Platform For Arm64Cri-o: /etc/passwd tampering privesc

high
7.8
First published (updated )
CVE-2022-4318

Kubernetes KubernetesUnauthorized read of Custom Resources

medium
6.5
First published (updated )
CVE-2022-3162

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Redhat Openshift Container PlatformCri-o: security regression of cve-2022-27652

medium
5.3
First published (updated )
CVE-2022-3466

Kubernetes ApiserverKubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF)

high
8.2
First published (updated )
CVE-2022-3172

Kubernetes KubernetesrunAsNonRoot logic bypass for Windows containers

high
7.8
First published (updated )
CVE-2021-25749

redhat/cri-oIncorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive…

high
7.1
First published (updated )
CVE-2022-2995

Kubernetes Aws-iam-authenticatorAccessKeyID validation bypass

high
8.8
First published (updated )
CVE-2022-2385

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/cri-oA vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyon…

high
7.8
First published (updated )
CVE-2022-1708

Kubernetes ingress-nginxIngress-nginx path can be pointed to service account token file

high
8.1
First published (updated )
CVE-2021-25745

Kubernetes ingress-nginxIngress-nginx directive injection via annotations

high
7.6
First published (updated )
CVE-2021-25746

redhat/cri-oA flaw was found in cri-o, where containers were incorrectly started with non-empty default permissi…

medium
5.3
First published (updated )
CVE-2022-27652

Kubernetes Continuous DeployA missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows a…

medium
6.5
First published (updated )
CVE-2022-27209

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/cri-oCode Injection

critical
9
First published (updated )
CVE-2022-0811

Kubernetes KubernetesBypass of Kubernetes API Server proxy TOCTOU

low
3.5
First published (updated )
CVE-2020-8562

redhat/cri-oAn incorrect sysctls validation vulnerability was found in CRI-O. The sysctls from the list of "safe…

medium
4.9
First published (updated )
CVE-2022-0532

go/k8s.io/kubernetesANSI escape characters in kubectl output are not being filtered

low
3
First published (updated )
CVE-2021-25743

Kubernetes ingress-nginxIngress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

high
7.6
First published (updated )
CVE-2021-25742

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Kubernetes JavaCode exec via yaml parsing

medium
6.7
First published (updated )
CVE-2021-25738

Kubernetes KubernetesWebhook redirect in kube-apiserver

medium
4.1
First published (updated )
CVE-2020-8561

Kubernetes KubernetesSymlink Exchange Can Allow Host Filesystem Access

high
8.8
First published (updated )
CVE-2021-25741

Kubernetes KubernetesHoles in EndpointSlice Validation Enable Host Network Hijack

low
3.5
First published (updated )
CVE-2021-25740

Kubernetes KubernetesHoles in EndpointSlice Validation Enable Host Network Hijack

medium
4.9
First published (updated )
CVE-2021-25737

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/kubernetesValidating Admission Webhook does not observe some previous fields

medium
6.5
First published (updated )
CVE-2021-25735

Kubernetes Container Storage Interface SnapshotterKubernetes CSI snapshot-controller DoS

medium
6.5
First published (updated )
CVE-2020-8569

Kubernetes JavaKubernetes Java client libraries unvalidated path traversal in Copy implementation

critical
9.1
First published (updated )
CVE-2020-8570

Kubernetes Secrets Store CSI DriverKubernetes Secrets Store CSI Driver sync/rotate directory traversal

medium
6.5
First published (updated )
CVE-2020-8568

redhat/atomic-openshiftKubernetes man in the middle using LoadBalancer or ExternalIPs

medium
6.3
First published (updated )
CVE-2020-8554

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Kubernetes KubernetesCeph RBD adminSecrets exposed in logs when loglevel >= 4

medium
5.5
First published (updated )
CVE-2020-8566

go/k8s.io/client-goIncomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9

medium
5.5
First published (updated )
CVE-2020-8565

go/github.com/kubernetes/kubernetesDocker config secrets leaked when file is malformed and loglevel >= 4

medium
5.5
First published (updated )
CVE-2020-8564

redhat/openshiftSecret leaks in logs for vSphere Provider kube-controller-manager

medium
6.3
First published (updated )
CVE-2020-8563

Kubernetes ingress-nginxKubernetes ingress-nginx Compromise of auth via subset/superset namespace names

medium
5.9
First published (updated )
CVE-2020-8553

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203