Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-5043
Ingress nginx annotation injection causes arbitrary command execution.
Kubernetes Ingress-nginx
1 Github repository
1 Article
8.8
CVSSv3
CVE-2023-5044
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Kubernetes Ingress-nginx
3 Github repositories
1 Article
7.3
CVSSv3
CVE-2021-31938
Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability
Microsoft Kubernetes Tools -
5.3
CVSSv3
CVE-2023-1065
This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be ...
Snyk Kubernetes Monitor
6.5
CVSSv3
CVE-2022-4886
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Kubernetes Ingress-nginx
1 Article
8.1
CVSSv3
CVE-2021-25745
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In t...
Kubernetes Ingress-nginx
8.8
CVSSv3
CVE-2018-1000400
Kubernetes CRI-O version before 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to b...
Kubernetes Cri-o
1 Github repository
9.9
CVSSv3
CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed malicious users to invoke arbitrary methods, bypassing typical sandbox protection.
Jenkins Kubernetes Pipeline
9.9
CVSSv3
CVE-2019-10418
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed malicious users to invoke arbitrary methods, bypassing typical sandbox protection.
Jenkins Kubernetes Pipeline
9.1
CVSSv3
CVE-2022-0567
A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged malicious user to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. Th...
Ovn Ovn-kubernetes
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »