VYPR

Kubernetes

by Cri O

Source repositories

CVEs (74)

  • CVE-2020-8551 (Mar 27, 2020)
    risk 0.00 cvss epss 0.01

    The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API…

  • CVE-2019-11251 (Feb 3, 2020)
    risk 0.00 cvss epss 0.02

    The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp…

  • CVE-2018-1002102 (Dec 5, 2019)
    risk 0.00 cvss epss 0.01

    Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with…

  • CVE-2019-11250 (Aug 29, 2019)
    risk 0.00 cvss epss 0.02

    The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token…

  • CVE-2019-11249 (Aug 29, 2019)
    risk 0.00 cvss epss 0.04

    The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in…

  • CVE-2019-11247 (Aug 29, 2019)
    risk 0.00 cvss epss 0.02

    The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning…

  • CVE-2019-11246 (Aug 29, 2019)
    risk 0.00 cvss epss 0.04

    The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in…

  • CVE-2019-11245 (Aug 29, 2019)
    risk 0.00 cvss epss 0.01

    In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the…

  • CVE-2019-11244 (Apr 22, 2019)
    risk 0.00 cvss epss 0.00

    In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to…

  • CVE-2019-11243 (Apr 22, 2019)
    risk 0.00 cvss epss 0.01

    In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not…

  • CVE-2019-9946 (Apr 2, 2019)
    risk 0.00 cvss epss 0.03

    Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to set up HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take…

  • CVE-2019-1002101 (Apr 1, 2019)
    risk 0.00 cvss epss 0.13

    The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is…

  • CVE-2019-1002100 (Apr 1, 2019)
    risk 0.00 cvss epss 0.11

    In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type:…

  • CVE-2018-1002101 (Dec 5, 2018)
    risk 0.00 cvss epss 0.04

    In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.