apk package
wolfi/spark-operator
pkg:apk/wolfi/spark-operator
Vulnerabilities (89)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2727 | — | < 0 | 0 | Jul 3, 2023 | Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | ||
| CVE-2023-2431 | — | < 0 | 0 | Jun 16, 2023 | A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in un | ||
| CVE-2021-25743 | — | < 0 | 0 | Jan 7, 2022 | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. | ||
| CVE-2021-25740 | — | < 0 | 0 | Sep 20, 2021 | A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | ||
| CVE-2020-8561 | — | < 0 | 0 | Sep 20, 2021 | A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver | ||
| CVE-2020-8554 | — | < 0 | 0 | Jan 21, 2021 | Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and | ||
| CVE-2020-8564 | — | < 1.1.27-r17 | 1.1.27-r17 | Dec 7, 2020 | In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13. | ||
| CVE-2020-8565 | — | < 2.1.0-r8 | 2.1.0-r8 | Dec 7, 2020 | In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. | ||
| CVE-2020-8559 | — | < 2.1.0-r8 | 2.1.0-r8 | Jul 22, 2020 | The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. |
- CVE-2023-2727Jul 3, 2023affected < 0fixed 0
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
- CVE-2023-2431Jun 16, 2023affected < 0fixed 0
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in un
- CVE-2021-25743Jan 7, 2022affected < 0fixed 0
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
- CVE-2021-25740Sep 20, 2021affected < 0fixed 0
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
- CVE-2020-8561Sep 20, 2021affected < 0fixed 0
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver
- CVE-2020-8554Jan 21, 2021affected < 0fixed 0
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and
- CVE-2020-8564Dec 7, 2020affected < 1.1.27-r17fixed 1.1.27-r17
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
- CVE-2020-8565Dec 7, 2020affected < 2.1.0-r8fixed 2.1.0-r8
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.
- CVE-2020-8559Jul 22, 2020affected < 2.1.0-r8fixed 2.1.0-r8
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
Page 5 of 5