VYPR

rpm package

suse/kubernetes&distro=SUSE Linux Enterprise Module for Containers 15 SP1

pkg:rpm/suse/kubernetes&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1

Vulnerabilities (9)

  • CVE-2020-8565 (Dec 7, 2020)
    affected < 1.17.13-4.21.2, fixed 1.17.13-4.21.2

    In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.

  • CVE-2020-8566 (Dec 7, 2020)
    affected < 1.17.13-4.21.2, fixed 1.17.13-4.21.2

    In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, <

  • CVE-2020-15187 (Sep 17, 2020)
    affected < 1.17.13-4.21.2, fixed 1.17.13-4.21.2

    In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attac

  • CVE-2020-15186 (Sep 17, 2020)
    affected < 1.17.13-4.21.2, fixed 1.17.13-4.21.2

    In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm

  • CVE-2020-15185 (Sep 17, 2020)
    affected < 1.17.13-4.21.2, fixed 1.17.13-4.21.2

    In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad chart into a repository. To perform this at

  • CVE-2020-15184 (Sep 17, 2020)
    affected < 1.17.13-4.21.2, fixed 1.17.13-4.21.2

    In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is

  • CVE-2020-15112 (Aug 5, 2020)
    affected < 1.17.13-4.21.2, fixed 1.17.13-4.21.2

    In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go do

  • CVE-2020-15106 (Aug 5, 2020)
    affected < 1.17.13-4.21.2, fixed 1.17.13-4.21.2

    In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that

  • CVE-2020-8557 (Jul 23, 2020)
    affected < 1.17.4-4.18.1, fixed 1.17.4-4.18.1

    The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 does not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculati