kube-apiserver vulnerabilities and exploits

(subscribe to this query)

A security issue exists in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network ...

Kubernetes Kube-apiserver

An authentication bypass vulnerability exists in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need ...

Kubernetes Kube-apiserver -Redhat Openshift Container Platform 4.10 Redhat Openshift Container Platform 4.11 Redhat Openshift Container Platform 4.12 Redhat Openshift Container Platform 4.13

A security issue exists in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs wh...

Kubernetes Kubernetes 1.20.11 Kubernetes Kubernetes 1.21.5 Kubernetes Kubernetes 1.22.2

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoint...

Kubernetes Kubernetes

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application...

Kubernetes Kubernetes Redhat Openshift Container Platform 3.10 Redhat Openshift Container Platform 3.11

3 Github repositories

A security issue exists in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state ...

Kubernetes Kubernetes

2 Github repositories

The Kubernetes API Server component in versions 1.1-1.14, and versions before 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

Kubernetes Kubernetes

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an malicious user to escalate privileges from a node compromise to a full cluster compr...

Kubernetes Kubernetes

3 Github repositories

A security issue exists in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

Kubernetes Apiserver Kubernetes Apiserver 1.25.0

It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.

Redhat Openshift Container Platform

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook