apk package
wolfi/kubernetes-1.32
pkg:apk/wolfi/kubernetes-1.32
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-8554 | — | < 0 | 0 | Jan 21, 2021 | Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and | ||
| CVE-2016-7075 | — | < 0 | 0 | Sep 10, 2018 | It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. | ||
| CVE-2015-7561 | Low | 3.1 | < 0 | 0 | Aug 7, 2017 | Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | |
| CVE-2016-1906 | Cri | 9.8 | < 0 | 0 | Feb 3, 2016 | Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | |
| CVE-2016-1905 | Hig | 7.7 | < 0 | 0 | Feb 3, 2016 | The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. |
- CVE-2020-8554Jan 21, 2021affected < 0fixed 0
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and
- CVE-2016-7075Sep 10, 2018affected < 0fixed 0
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
- affected < 0fixed 0
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
- affected < 0fixed 0
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
- affected < 0fixed 0
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
Page 2 of 2