Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kubernetes vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-11253
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crash...
Kubernetes Kubernetes
Redhat Openshift Container Platform 3.9
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 3.10
1 Article
6.5
CVSSv3
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and previous versions allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.
Jenkins Kubernetes Continuous Deploy
6.5
CVSSv3
CVE-2022-27209
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Kubernetes Continuous Deploy
8.8
CVSSv3
CVE-2019-16575
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes serv...
Jenkins Alauda Kubernetes Support
6.5
CVSSv3
CVE-2019-16576
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernet...
Jenkins Alauda Kubernetes Support
7.1
CVSSv3
CVE-2022-2995
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and i...
Kubernetes Cri-o 1.25.0
8.8
CVSSv3
CVE-2020-2121
Jenkins Google Kubernetes Engine Plugin 0.8.0 and previous versions does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Jenkins Google Kubernetes Engine
2 Github repositories
9
CVSSv3
CVE-2024-21376
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
Microsoft Azure Kubernetes Service -
5.5
CVSSv3
CVE-2021-1677
Azure Active Directory Pod Identity Spoofing Vulnerability
Microsoft Azure Kubernetes Service -
1 Article
8.8
CVSSv3
CVE-2022-2385
A security issue exists in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
Kubernetes Aws-iam-authenticator
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »