VYPR

ovn-kubernetes

by Ovn Kubernetes

CVEs (9)

  • CVE-2024-7646HigAug 16, 2024
    risk 0.59cvss 8.8epss 0.27

    A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx…

  • CVE-2022-0567CriApr 20, 2022
    risk 0.59cvss 9.1epss 0.01

    A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This…

  • CVE-2019-11248HigAug 29, 2019
    risk 0.58cvss 8.2epss 0.61

    The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and…

  • CVE-2021-25749HigMay 24, 2023
    risk 0.51cvss 7.8epss 0.00

    Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

  • CVE-2025-7342HigAug 17, 2025
    risk 0.49cvss 7.5epss 0.00

    A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build.…

  • CVE-2019-11249MedAug 29, 2019
    risk 0.43cvss 6.5epss 0.04

    The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in…

  • CVE-2018-1002102LowDec 5, 2019
    risk 0.17cvss 2.6epss 0.01

    Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with…

  • CVE-2019-11246MedAug 29, 2019
    risk 0.00cvss 6.5epss 0.04

    The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in…

  • CVE-2019-9946HigApr 2, 2019
    risk 0.00cvss 7.5epss 0.03

    Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take…