Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crash...
Kubernetes Kubernetes
Redhat Openshift Container Platform 3.9
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
1 Article
NA
CVE-2023-24425
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and previous versions does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not...
Jenkins Kubernetes Credentials Provider
6
CVSSv2
CVE-2021-24109
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Azure Kubernetes Service -
NA
CVE-2023-33234
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connectio...
Apache Airflow Cncf Kubernetes
4
CVSSv2
CVE-2019-10445
A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and previous versions allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.
Jenkins Google Kubernetes Engine
6.5
CVSSv2
CVE-2020-2121
Jenkins Google Kubernetes Engine Plugin 0.8.0 and previous versions does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Jenkins Google Kubernetes Engine
2 Github repositories
6
CVSSv2
CVE-2022-2385
A security issue exists in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
Kubernetes Aws-iam-authenticator
1 Article
2.1
CVSSv2
CVE-2021-1677
Azure Active Directory Pod Identity Spoofing Vulnerability
Microsoft Azure Kubernetes Service -
1 Article
NA
CVE-2023-29332
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Azure Kubernetes Service -
1 Github repository
1 Article
NA
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and i...
Kubernetes Cri-o 1.25.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »