Filtered by vendor Kubernetes
Subscriptions
Total
97 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5044 | 1 Kubernetes | 1 Ingress-nginx | 2025-02-13 | 7.6 High |
| Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | ||||
| CVE-2023-5043 | 1 Kubernetes | 1 Ingress-nginx | 2025-02-13 | 7.6 High |
| Ingress nginx annotation injection causes arbitrary command execution. | ||||
| CVE-2023-3955 | 3 Kubernetes, Microsoft, Redhat | 4 Kubelet, Kubernetes, Windows and 1 more | 2025-02-13 | 8.8 High |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | ||||
| CVE-2023-3893 | 1 Kubernetes | 1 Csi Proxy | 2025-02-13 | 8.8 High |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy. | ||||
| CVE-2023-3676 | 3 Kubernetes, Microsoft, Redhat | 3 Kubernetes, Windows, Openshift | 2025-02-13 | 8.8 High |
| A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | ||||
| CVE-2023-2878 | 1 Kubernetes | 1 Secrets-store-csi-driver | 2025-02-13 | 6.5 Medium |
| Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | ||||
| CVE-2023-2728 | 2 Kubernetes, Redhat | 3 Kubernetes, Openshift, Openshift Ironic | 2025-02-13 | 6.5 Medium |
| Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. | ||||
| CVE-2023-2727 | 2 Kubernetes, Redhat | 3 Kubernetes, Openshift, Openshift Ironic | 2025-02-13 | 6.5 Medium |
| Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | ||||
| CVE-2022-4886 | 1 Kubernetes | 1 Ingress-nginx | 2025-02-13 | 8.8 High |
| Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. | ||||
| CVE-2022-3172 | 2 Kubernetes, Redhat | 3 Apiserver, Openshift, Openshift Data Foundation | 2025-02-13 | 5.1 Medium |
| A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties. | ||||
| CVE-2021-25736 | 3 Kubernetes, Microsoft, Redhat | 3 Kubernetes, Windows, Openshift | 2025-02-13 | 5.8 Medium |
| Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected. | ||||
| CVE-2023-2431 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2025-02-13 | 3.4 Low |
| A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | ||||
| CVE-2021-25748 | 1 Kubernetes | 1 Ingress-nginx | 2025-01-16 | 7.6 High |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | ||||
| CVE-2021-25749 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-01-16 | 7.8 High |
| Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | ||||
| CVE-2023-1174 | 2 Apple, Kubernetes | 2 Macos, Minikube | 2025-01-16 | 9.8 Critical |
| This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | ||||
| CVE-2023-1944 | 1 Kubernetes | 1 Minikube | 2025-01-16 | 8.4 High |
| This vulnerability enables ssh access to minikube container using a default password. | ||||
| CVE-2024-31990 | 3 Argoproj, Kubernetes, Redhat | 3 Argo Cd, Argo-cd, Openshift Gitops | 2025-01-09 | 4.8 Medium |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16. | ||||
| CVE-2023-5528 | 4 Fedoraproject, Kubernetes, Microsoft and 1 more | 4 Fedora, Kubernetes, Windows and 1 more | 2025-01-03 | 7.2 High |
| A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. | ||||
| CVE-2024-5154 | 2 Kubernetes, Redhat | 4 Cri-o, Enterprise Linux, Openshift and 1 more | 2024-12-11 | 8.1 High |
| A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system. | ||||
| CVE-2024-10220 | 1 Kubernetes | 1 Kubelet | 2024-11-25 | 8.1 High |
| The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. | ||||