apk package
chainguard/kubelet-1.30
pkg:apk/chainguard/kubelet-1.30
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-24791 | Hig | 7.5 | < 1.30.2-r1 | 1.30.2-r1 | Jul 2, 2024 | The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the co | |
| CVE-2024-24789 | — | < 1.30.1-r1 | 1.30.1-r1 | Jun 5, 2024 | The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac | ||
| CVE-2024-24790 | — | < 1.30.1-r1 | 1.30.1-r1 | Jun 5, 2024 | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | ||
| CVE-2021-25740 | — | < 0 | 0 | Sep 20, 2021 | A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | ||
| CVE-2020-8554 | — | < 0 | 0 | Jan 21, 2021 | Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and | ||
| CVE-2016-7075 | — | < 0 | 0 | Sep 10, 2018 | It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. | ||
| CVE-2015-7561 | Low | 3.1 | < 0 | 0 | Aug 7, 2017 | Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | |
| CVE-2016-1906 | Cri | 9.8 | < 0 | 0 | Feb 3, 2016 | Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | |
| CVE-2016-1905 | Hig | 7.7 | < 0 | 0 | Feb 3, 2016 | The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. |
- affected < 1.30.2-r1fixed 1.30.2-r1
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the co
- CVE-2024-24789Jun 5, 2024affected < 1.30.1-r1fixed 1.30.1-r1
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip pac
- CVE-2024-24790Jun 5, 2024affected < 1.30.1-r1fixed 1.30.1-r1
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
- CVE-2021-25740Sep 20, 2021affected < 0fixed 0
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
- CVE-2020-8554Jan 21, 2021affected < 0fixed 0
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and
- CVE-2016-7075Sep 10, 2018affected < 0fixed 0
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
- affected < 0fixed 0
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
- affected < 0fixed 0
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
- affected < 0fixed 0
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
Page 2 of 2