Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2022-0811
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicio...
Kubernetes Cri-o
3 Github repositories
NA
CVE-2023-1065
This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be ...
Snyk Kubernetes Monitor
NA
CVE-2023-5043
Ingress nginx annotation injection causes arbitrary command execution.
Kubernetes Ingress-nginx
1 Github repository
1 Article
NA
CVE-2023-5044
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Kubernetes Ingress-nginx
3 Github repositories
1 Article
6.5
CVSSv2
CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed malicious users to invoke arbitrary methods, bypassing typical sandbox protection.
Jenkins Kubernetes Pipeline
6.8
CVSSv2
CVE-2019-10468
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins Kubernetes Ci
4
CVSSv2
CVE-2019-10470
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Kubernetes Ci
5.5
CVSSv2
CVE-2021-25745
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In t...
Kubernetes Ingress-nginx
NA
CVE-2021-25748
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obta...
Kubernetes Ingress-nginx
4
CVSSv2
CVE-2019-10365
Jenkins Google Kubernetes Engine Plugin 0.6.2 and previous versions created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.
Google Kubernetes Engine
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »