Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45226
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed...
F5 Big-ip Next Service Proxy For Kubernetes 1.5.0
NA
CVE-2023-44392
Garden provides automation for Kubernetes development and testing. Prior tov ersions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects usin...
Garden Garden
NA
CVE-2022-3248
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an malicious user to violate the boundaries, as permissions will not be applied.
Redhat Openshift Container Platform 4.0
Redhat Advanced Cluster Management For Kubernetes 2.0
NA
CVE-2023-3361
A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a K...
Opendatahub Open Data Hub Dashboard
Redhat Openshift Data Science -
NA
CVE-2023-40026
Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm prior to 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the s...
Linuxfoundation Argo-cd
NA
CVE-2023-41333
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy en...
Cilium Cilium
NA
CVE-2023-39347
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-pr...
Cilium Cilium
NA
CVE-2022-4318
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
Kubernetes Cri-o -
Redhat Openshift Container Platform For Arm64 4.12
Redhat Openshift Container Platform For Linuxone 4.12
Redhat Openshift Container Platform For Power 4.12
Redhat Openshift Container Platform Ibm Z Systems 4.12
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Redhat Openshift Container Platform For Arm64 4.11
Redhat Openshift Container Platform For Linuxone 4.11
Redhat Openshift Container Platform For Power 4.11
Redhat Openshift Container Platform Ibm Z Systems 4.11
NA
CVE-2023-1260
An authentication bypass vulnerability exists in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need ...
Kubernetes Kube-apiserver -
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.13
NA
CVE-2023-0923
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.
Redhat Openshift Data Science
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »