Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes kubernetes vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes serv...
Jenkins Alauda Kubernetes Support
605
VMScore
CVE-2019-10468
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins Kubernetes Ci
605
VMScore
CVE-2019-10338
A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and previous versions in GlobalPluginConfiguration#doValidateClient allowed malicious users to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.
Jenkins Jx Resources
580
VMScore
CVE-2022-22472
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 up to and including 10.1.10.2 for Kubernetes and 10.1.7 up to and including 10.1.10.2 for Red Hat OpenShift) could allow a remote malicious user to bypass IBM Spectrum Protect Plus role based access control restrictio...
Ibm Spectrum Protect Plus Container Backup And Restore
580
VMScore
CVE-2022-23652
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions before 0.2.1 an attacker with a proper authentication mechanism may use a malicious `Connection` header to start a privilege escalation attack towards the Kubernetes API ...
Clastix Capsule-proxy
580
VMScore
CVE-2021-43858
MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23...
Minio Minio
2 Github repositories
580
VMScore
CVE-2020-17132
Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server 2013
Microsoft Exchange Server 2019
Microsoft Exchange Server 2016
2 Articles
580
VMScore
CVE-2020-17142
Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server 2013
Microsoft Exchange Server 2019
Microsoft Exchange Server 2016
1 Article
580
VMScore
CVE-2020-2121
Jenkins Google Kubernetes Engine Plugin 0.8.0 and previous versions does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Jenkins Google Kubernetes Engine
2 Github repositories
578
VMScore
CVE-2022-24877
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an malicious user to expose sensitive data from the controller’s pod filesystem and possibly privilege escalati...
Fluxcd Flux2
Fluxcd Kustomize-controller
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »