Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2021-25745
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In t...
Kubernetes Ingress-nginx
NA
CVE-2021-25748
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obta...
Kubernetes Ingress-nginx
6.5
CVSSv2
CVE-2022-0567
A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged malicious user to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. Th...
Ovn Ovn-kubernetes
NA
CVE-2023-5043
Ingress nginx annotation injection causes arbitrary command execution.
Kubernetes Ingress-nginx
1 Github repository
1 Article
9
CVSSv2
CVE-2022-0811
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicio...
Kubernetes Cri-o
3 Github repositories
4.9
CVSSv2
CVE-2020-8553
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyph...
Kubernetes Ingress-nginx
NA
CVE-2023-1065
This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be ...
Snyk Kubernetes Monitor
6.5
CVSSv2
CVE-2018-1000400
Kubernetes CRI-O version before 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to b...
Kubernetes Cri-o
1 Github repository
5.5
CVSSv2
CVE-2021-25746
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configur...
Kubernetes Ingress-nginx
6.8
CVSSv2
CVE-2021-31938
Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability
Microsoft Kubernetes Tools -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »