Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crash...
Kubernetes Kubernetes
Redhat Openshift Container Platform 3.9
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
1 Article
5.3
CVSSv3
CVE-2018-1002104
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
Kubernetes Nginx Ingress Controller
6.5
CVSSv3
CVE-2022-27209
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Kubernetes Continuous Deploy
6.5
CVSSv3
CVE-2022-27210
A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing c...
Jenkins Kubernetes Continuous Deploy
6.5
CVSSv3
CVE-2022-27211
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing c...
Jenkins Kubernetes Continuous Deploy
6.5
CVSSv3
CVE-2023-24425
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and previous versions does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not...
Jenkins Kubernetes Credentials Provider
8.8
CVSSv3
CVE-2022-2385
A security issue exists in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
Kubernetes Aws-iam-authenticator
1 Article
6.8
CVSSv3
CVE-2021-24109
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Azure Kubernetes Service -
9.8
CVSSv3
CVE-2023-29332
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Azure Kubernetes Service -
1 Github repository
1 Article
6.5
CVSSv3
CVE-2019-16576
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernet...
Jenkins Alauda Kubernetes Support
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »