ovn-kubernetes
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-7646 | Hig | 0.59 | 8.8 | 0.27 | Aug 16, 2024 | A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx… | ||
| CVE-2022-0567 | Cri | 0.59 | 9.1 | 0.01 | Apr 20, 2022 | A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This… | ||
| CVE-2019-11248 | Hig | 0.58 | 8.2 | 0.61 | Aug 29, 2019 | The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and… | ||
| CVE-2021-25749 | Hig | 0.51 | 7.8 | 0.00 | May 24, 2023 | Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | ||
| CVE-2025-7342 | Hig | 0.49 | 7.5 | 0.00 | Aug 17, 2025 | A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build.… | ||
| CVE-2019-11249 | Med | 0.43 | 6.5 | 0.04 | Aug 29, 2019 | The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in… | ||
| CVE-2018-1002102 | Low | 0.17 | 2.6 | 0.01 | Dec 5, 2019 | Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with… | ||
| CVE-2019-11246 | Med | 0.00 | 6.5 | 0.04 | Aug 29, 2019 | The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in… | ||
| CVE-2019-9946 | Hig | 0.00 | 7.5 | 0.03 | Apr 2, 2019 | Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take… |
- risk 0.59cvss 8.8epss 0.27
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx…
- risk 0.59cvss 9.1epss 0.01
A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This…
- risk 0.58cvss 8.2epss 0.61
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and…
- risk 0.51cvss 7.8epss 0.00
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
- risk 0.49cvss 7.5epss 0.00
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build.…
- risk 0.43cvss 6.5epss 0.04
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in…
- risk 0.17cvss 2.6epss 0.01
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with…
- risk 0.00cvss 6.5epss 0.04
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in…
- risk 0.00cvss 7.5epss 0.03
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take…