Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-11251
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions before 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation...
Kubernetes Kubernetes 1.1-1.12
Kubernetes Kubernetes
4.3
CVSSv2
CVE-2019-11243
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not ef...
Kubernetes Kubernetes 1.13.0
Kubernetes Kubernetes
Netapp Trident -
3.5
CVSSv2
CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprot...
Kubernetes Kubernetes 1.18.0
Kubernetes Kubernetes
Fedoraproject Fedora 32
2 Github repositories
2.1
CVSSv2
CVE-2018-1002102
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with ...
Kubernetes Kubernetes 1.14.0
Kubernetes Kubernetes
Fedoraproject Fedora 31
NA
CVE-2023-1174
This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container.
Kubernetes Minikube 1.26.0
Kubernetes Minikube 1.26.1
Kubernetes Minikube 1.27.0
Kubernetes Minikube 1.27.1
Kubernetes Minikube 1.28.0
3.5
CVSSv2
CVE-2021-25740
A security issue exists with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
Kubernetes Kubernetes -
5.5
CVSSv2
CVE-2021-25741
A security issue exists in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
Kubernetes Kubernetes
4 Github repositories
NA
CVE-2021-25749
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
Kubernetes Kubernetes
2.1
CVSSv2
CVE-2020-8557
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculati...
Kubernetes Kubernetes
4 Github repositories
5.8
CVSSv2
CVE-2020-8558
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such ...
Kubernetes Kubernetes
7 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »