Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2021-25741
A security issue exists in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
Kubernetes Kubernetes
4 Github repositories
2.1
CVSSv2
CVE-2021-25743
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
Kubernetes Kubernetes
NA
CVE-2021-25749
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
Kubernetes Kubernetes
7.5
CVSSv2
CVE-2018-1002101
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.
Kubernetes Kubernetes
5
CVSSv2
CVE-2019-11252
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.
Kubernetes Kubernetes
2.1
CVSSv2
CVE-2020-8563
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.
Kubernetes Kubernetes
2.1
CVSSv2
CVE-2020-8565
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.
Kubernetes Kubernetes
NA
CVE-2023-3955
A security issue exists in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Kubernetes Kubernetes
NA
CVE-2022-3172
A security issue exists in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.
Kubernetes Apiserver
Kubernetes Apiserver 1.25.0
4
CVSSv2
CVE-2020-8552
The Kubernetes API server component in versions before 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.
Kubernetes Kubernetes
Fedoraproject Fedora 32
3 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »