VYPR

Kubernetes

by Cri O

CVEs (74)

  • CVE-2024-7646 · High · Aug 16, 2024
    risk 0.59 · CVSS 8.8 · EPSS 0.27

    A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx…

  • CVE-2017-1002101 · High · Mar 13, 2018
    risk 0.58 · CVSS 8.8 · EPSS 0.12

    In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including…

  • CVE-2025-15566 · High · Feb 6, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and…

  • CVE-2026-24512 · High · Feb 3, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the…

  • CVE-2026-1580 · High · Feb 3, 2026
    risk 0.57 · CVSS 8.8 · EPSS 0.00

    A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of…

  • CVE-2017-1000056 · Critical · Jul 17, 2017
    risk 0.57 · CVSS 9.8 · EPSS 0.02

    Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.

  • CVE-2016-1906 · Critical · Feb 3, 2016
    risk 0.57 · CVSS 9.8 · EPSS 0.05

    Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.

  • CVE-2025-7342 · High · Aug 17, 2025
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build.…

  • CVE-2024-10220 · High · Nov 22, 2024
    risk 0.46 · CVSS 8.1 · EPSS 0.03

    The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes. This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

  • CVE-2017-1002102 · High · Mar 13, 2018
    risk 0.46 · CVSS 7.1 · EPSS 0.01

    In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.

  • CVE-2024-0793 · High · Nov 17, 2024
    risk 0.43 · CVSS 7.7 · EPSS 0.01

    A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.

  • CVE-2020-8554 · Medium · Jan 21, 2021
    risk 0.43 · CVSS 6.3 · EPSS 0.09

    The Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation…

  • CVE-2016-1905 · High · Feb 3, 2016
    risk 0.43 · CVSS 7.7 · EPSS 0.02

    The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.

  • CVE-2026-24514 · Medium · Feb 3, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the…

  • CVE-2025-1767 · Medium · Mar 13, 2025
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using…

  • CVE-2017-1002100 · Medium · Sep 14, 2017
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires…

  • CVE-2016-5392 · Medium · Aug 5, 2016
    risk 0.42 · CVSS 6.5 · EPSS 0.02

    The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi-tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.

  • CVE-2025-0426 · Medium · Feb 13, 2025
    risk 0.40 · CVSS 6.2 · EPSS 0.00

    A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.

  • CVE-2025-5187 · Medium · Aug 27, 2025
    risk 0.37 · CVSS 6.7 · EPSS 0.00

    A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is…

  • CVE-2024-5321 · Medium · Jul 18, 2024
    risk 0.33 · CVSS 6.1 · EPSS 0.00

    A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.

Page 1 of 4