Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes kubernetes vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed malicious users to invoke arbitrary methods, bypassing typical sandbox protection.
Jenkins Kubernetes Pipeline
578
VMScore
CVE-2019-10418
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed malicious users to invoke arbitrary methods, bypassing typical sandbox protection.
Jenkins Kubernetes Pipeline
356
VMScore
CVE-2019-10469
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins Kubernetes Ci
356
VMScore
CVE-2019-10470
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Kubernetes Ci
578
VMScore
CVE-2022-0567
A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged malicious user to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. Th...
Ovn Ovn-kubernetes
802
VMScore
CVE-2022-0811
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicio...
Kubernetes Cri-o
3 Github repositories
NA
CVE-2023-5043
Ingress nginx annotation injection causes arbitrary command execution.
Kubernetes Ingress-nginx
1 Github repository
1 Article
NA
CVE-2023-5044
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Kubernetes Ingress-nginx
3 Github repositories
1 Article
490
VMScore
CVE-2021-25745
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In t...
Kubernetes Ingress-nginx
490
VMScore
CVE-2021-25746
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configur...
Kubernetes Ingress-nginx
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »