Vulmon
kubernetes kubernetes vulnerabilities and exploits
6.8
CVSSv2
CVE-2021-28448
Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability
Microsoft Visual Studio Code Kubernetes Tools
6.8
CVSSv2
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Support Plugin 2.3.0 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes serv...
Jenkins Alauda Kubernetes Support
6.8
CVSSv2
CVE-2019-10468
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins Kubernetes Ci
6.8
CVSSv2
CVE-2019-10338
A cross-site request forgery vulnerability in Jenkins JX Resources Plugin 1.0.36 and previous versions in GlobalPluginConfiguration#doValidateClient allowed malicious users to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.
Jenkins Jx Resources
6.8
CVSSv2
CVE-2018-1002103
In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernet...
Kubernetes Minikube
2 GitHub repositories
6.5
CVSSv2
CVE-2022-22472
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 up to and including 10.1.10.2 for Kubernetes and 10.1.7 up to and including 10.1.10.2 for Red Hat OpenShift) could allow a remote malicious user to bypass IBM Spectrum Protect Plus role based access control restrictio...
Ibm Spectrum Protect Plus Container Backup And Restore
6.5
CVSSv2
CVE-2022-24877
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows a malicious user to expose sensitive data from the controller’s pod filesystem and possibly privilege escalati...
Fluxcd Flux2
Fluxcd Kustomize-controller
6.5
CVSSv2
CVE-2022-24817
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployment...
Fluxcd Kustomize-controller
Fluxcd Helm-controller
Fluxcd Flux2
6.5
CVSSv2
CVE-2022-0567
A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged malicious user to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. Th...
Ovn Ovn-kubernetes
6.5
CVSSv2
CVE-2022-24768
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting w...
Linuxfoundation Argo-cd