rpm package
suse/kubernetes1.24&distro=SUSE Enterprise Storage 7.1
pkg:rpm/suse/kubernetes1.24&distro=SUSE%20Enterprise%20Storage%207.1
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-0793 | Hig | 7.7 | < 1.24.17-150300.7.6.1 | 1.24.17-150300.7.6.1 | Nov 17, 2024 | A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn. | |
| CVE-2024-34158 | Hig | 7.5 | < 1.24.17-150300.7.9.1 | 1.24.17-150300.7.9.1 | Sep 6, 2024 | Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. | |
| CVE-2024-34156 | Hig | 7.5 | < 1.24.17-150300.7.9.1 | 1.24.17-150300.7.9.1 | Sep 6, 2024 | Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. | |
| CVE-2024-34155 | Med | 4.3 | < 1.24.17-150300.7.9.1 | 1.24.17-150300.7.9.1 | Sep 6, 2024 | Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. | |
| CVE-2024-3177 | Low | 2.7 | < 1.24.17-150300.7.6.1 | 1.24.17-150300.7.6.1 | Apr 22, 2024 | A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. T | |
| CVE-2023-45288 | Hig | 7.5 | < 1.24.17-150300.7.6.1 | 1.24.17-150300.7.6.1 | Apr 4, 2024 | An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma | |
| CVE-2024-24786 | Hig | 7.5 | < 1.24.17-150300.7.6.1 | 1.24.17-150300.7.6.1 | Mar 5, 2024 | The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | |
| CVE-2023-39325 | — | < 1.24.17-150300.7.6.1 | 1.24.17-150300.7.6.1 | Oct 11, 2023 | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack | ||
| CVE-2023-44487 | Hig | 7.5 | KEV | < 1.24.17-150300.7.6.1 | 1.24.17-150300.7.6.1 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-2728 | — | < 1.24.17-150300.7.6.1 | 1.24.17-150300.7.6.1 | Jul 3, 2023 | Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s se | ||
| CVE-2023-2727 | — | < 1.24.17-150300.7.6.1 | 1.24.17-150300.7.6.1 | Jul 3, 2023 | Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | ||
| CVE-2021-25743 | — | < 1.24.17-150300.7.6.1 | 1.24.17-150300.7.6.1 | Jan 7, 2022 | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. |
- affected < 1.24.17-150300.7.6.1fixed 1.24.17-150300.7.6.1
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
- affected < 1.24.17-150300.7.9.1fixed 1.24.17-150300.7.9.1
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
- affected < 1.24.17-150300.7.9.1fixed 1.24.17-150300.7.9.1
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
- affected < 1.24.17-150300.7.9.1fixed 1.24.17-150300.7.9.1
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
- affected < 1.24.17-150300.7.6.1fixed 1.24.17-150300.7.6.1
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. T
- affected < 1.24.17-150300.7.6.1fixed 1.24.17-150300.7.6.1
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed Ma
- affected < 1.24.17-150300.7.6.1fixed 1.24.17-150300.7.6.1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
- CVE-2023-39325Oct 11, 2023affected < 1.24.17-150300.7.6.1fixed 1.24.17-150300.7.6.1
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack
- affected < 1.24.17-150300.7.6.1fixed 1.24.17-150300.7.6.1
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2023-2728Jul 3, 2023affected < 1.24.17-150300.7.6.1fixed 1.24.17-150300.7.6.1
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s se
- CVE-2023-2727Jul 3, 2023affected < 1.24.17-150300.7.6.1fixed 1.24.17-150300.7.6.1
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
- CVE-2021-25743Jan 7, 2022affected < 1.24.17-150300.7.6.1fixed 1.24.17-150300.7.6.1
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.