kubernetes kubernetes - vulnerabilities and exploits
4.3
CVSSv2
CVE-2019-11251
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions before 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation...
Kubernetes Kubernetes 1.1-1.12
Kubernetes Kubernetes
4.3
CVSSv2
CVE-2019-11243
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not ef...
Kubernetes Kubernetes 1.13.0
Kubernetes Kubernetes
Netapp Trident -
2.1
CVSSv2
CVE-2018-1002102
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with ...
Kubernetes Kubernetes 1.14.0
Kubernetes Kubernetes
Fedoraproject Fedora 31
3.5
CVSSv2
CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 is vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprot...
Kubernetes Kubernetes 1.18.0
Kubernetes Kubernetes
Fedoraproject Fedora 32
2 Github repositories
NA
CVE-2023-1174
This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container.
Kubernetes Minikube 1.26.0
Kubernetes Minikube 1.26.1
Kubernetes Minikube 1.27.0
Kubernetes Minikube 1.27.1
Kubernetes Minikube 1.28.0
7.5
CVSSv2
CVE-2018-1002101
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.
Kubernetes Kubernetes
6
CVSSv2
CVE-2020-8559
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow a malicious user to escalate privileges from a node compromise to a full cluster compr...
Kubernetes Kubernetes
3 Github repositories
2.1
CVSSv2
CVE-2020-8565
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.
Kubernetes Kubernetes
NA
CVE-2021-25749
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
Kubernetes Kubernetes
2.1
CVSSv2
CVE-2020-8563
In Kubernetes clusters using vSphere as a cloud provider, with a logging level set to 4 or above, vSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.
Kubernetes Kubernetes