Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-4886
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Kubernetes Ingress-nginx
1 Article
7.1
CVSSv3
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and i...
Kubernetes Cri-o 1.25.0
5.3
CVSSv3
CVE-2018-1002104
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
Kubernetes Nginx Ingress Controller
5.5
CVSSv3
CVE-2021-1677
Azure Active Directory Pod Identity Spoofing Vulnerability
Microsoft Azure Kubernetes Service -
1 Article
6.5
CVSSv3
CVE-2022-27210
A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing c...
Jenkins Kubernetes Continuous Deploy
9.8
CVSSv3
CVE-2023-29332
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Azure Kubernetes Service -
1 Github repository
1 Article
6.5
CVSSv3
CVE-2023-24425
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and previous versions does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not...
Jenkins Kubernetes Credentials Provider
9
CVSSv3
CVE-2024-21376
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
Microsoft Azure Kubernetes Service -
4.3
CVSSv3
CVE-2019-10445
A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and previous versions allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.
Jenkins Google Kubernetes Engine
6.5
CVSSv3
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and previous versions allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.
Jenkins Kubernetes Continuous Deploy
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »