Vendor CVEs
Cri O
All CVEs
102 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1974 | Cri | 0.74 | 9.8 | 0.99 | Mar 25, 2025 | A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the… | ||
| CVE-2025-1097 | Hig | 0.65 | 8.8 | 0.35 | Mar 25, 2025 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx… | ||
| CVE-2025-24514 | Hig | 0.64 | 8.8 | 0.32 | Mar 25, 2025 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and… | ||
| CVE-2025-1098 | Hig | 0.63 | 8.8 | 0.83 | Mar 25, 2025 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of… | ||
| CVE-2024-7646 | Hig | 0.59 | 8.8 | 0.27 | Aug 16, 2024 | A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx… | ||
| CVE-2017-1002101 | Hig | 0.58 | 8.8 | 0.12 | Mar 13, 2018 | In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including… | ||
| CVE-2026-3288 | Hig | 0.57 | 8.8 | 0.07 | Mar 9, 2026 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of… | ||
| CVE-2025-15566 | Hig | 0.57 | 8.8 | 0.00 | Feb 6, 2026 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and… | ||
| CVE-2026-24512 | Hig | 0.57 | 8.8 | 0.01 | Feb 3, 2026 | A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the… | ||
| CVE-2026-1580 | Hig | 0.57 | 8.8 | 0.00 | Feb 3, 2026 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of… | ||
| CVE-2017-1000056 | Cri | 0.57 | 9.8 | 0.02 | Jul 17, 2017 | Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. | ||
| CVE-2016-1906 | Cri | 0.57 | 9.8 | 0.05 | Feb 3, 2016 | Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | ||
| CVE-2026-4342 | Hig | 0.50 | 8.8 | 0.01 | Mar 19, 2026 | A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the… | ||
| CVE-2025-7342 | Hig | 0.49 | 7.5 | 0.00 | Aug 17, 2025 | A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build.… | ||
| CVE-2024-10220 | Hig | 0.46 | 8.1 | 0.03 | Nov 22, 2024 | The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. | ||
| CVE-2017-1002102 | Hig | 0.46 | 7.1 | 0.01 | Mar 13, 2018 | In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running. | ||
| CVE-2025-0750 | Med | 0.43 | 6.6 | 0.00 | Jan 28, 2025 | A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by… | ||
| CVE-2024-0793 | Hig | 0.43 | 7.7 | 0.01 | Nov 17, 2024 | A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn. | ||
| CVE-2020-8554 | Med | 0.43 | 6.3 | 0.09 | Jan 21, 2021 | Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation… | ||
| CVE-2016-1905 | Hig | 0.43 | 7.7 | 0.02 | Feb 3, 2016 | The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | ||
| CVE-2026-24514 | Med | 0.42 | 6.5 | 0.00 | Feb 3, 2026 | A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the… | ||
| CVE-2025-1767 | Med | 0.42 | 6.5 | 0.01 | Mar 13, 2025 | This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using… | ||
| CVE-2017-1002100 | Med | 0.42 | 6.5 | 0.01 | Sep 14, 2017 | Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires… | ||
| CVE-2016-5392 | Med | 0.42 | 6.5 | 0.02 | Aug 5, 2016 | The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list. | ||
| CVE-2024-8676 | Hig | 0.41 | 7.4 | 0.01 | Nov 26, 2024 | A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the… | ||
| CVE-2025-0426 | Med | 0.40 | 6.2 | 0.00 | Feb 13, 2025 | A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk. | ||
| CVE-2024-3154 | Hig | 0.40 | 7.2 | 0.01 | Apr 26, 2024 | A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. | ||
| CVE-2025-5187 | Med | 0.37 | 6.7 | 0.00 | Aug 27, 2025 | A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is… | ||
| CVE-2025-4437 | Med | 0.37 | 5.7 | 0.00 | Aug 20, 2025 | There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it… | ||
| CVE-2024-5321 | Med | 0.33 | 6.1 | 0.00 | Jul 18, 2024 | A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs. | ||
| CVE-2025-13281 | Med | 0.31 | 5.8 | 0.00 | Dec 14, 2025 | A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network… | ||
| CVE-2025-24513 | Med | 0.31 | 4.8 | 0.04 | Mar 25, 2025 | A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in… | ||
| CVE-2024-9042 | Med | 0.31 | 5.9 | 0.01 | Mar 13, 2025 | This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. | ||
| CVE-2015-7528 | Med | 0.28 | 5.3 | 0.02 | Apr 11, 2016 | Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | ||
| CVE-2020-8561 | Med | 0.27 | 4.1 | 0.02 | Sep 20, 2021 | A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view… | ||
| CVE-2018-1002100 | Med | 0.27 | 4.2 | 0.02 | Jun 2, 2018 | In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | ||
| CVE-2026-24513 | Low | 0.20 | 3.1 | 0.00 | Feb 3, 2026 | A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration… | ||
| CVE-2024-7598 | Low | 0.20 | 3.1 | 0.00 | Mar 20, 2025 | A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for… | ||
| CVE-2021-25740 | Low | 0.20 | 3.1 | 0.02 | Sep 20, 2021 | A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | ||
| CVE-2020-8562 | Low | 0.14 | 2.2 | 0.01 | Feb 1, 2022 | As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation… | ||
| CVE-2015-7561 | Low | 0.13 | 3.1 | 0.01 | Aug 7, 2017 | Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | ||
| CVE-2025-4563 | Low | 0.11 | 2.7 | 0.01 | Jun 23, 2025 | A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status… | ||
| CVE-2024-3177 | Low | 0.11 | 2.7 | 0.02 | Apr 22, 2024 | A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated.… | ||
| CVE-2019-11248 | 0.07 | — | 0.61 | Aug 29, 2019 | The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and… | |||
| CVE-2021-25741 | 0.03 | — | 0.07 | Sep 20, 2021 | A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. | |||
| CVE-2018-1002105 | 0.03 | — | 0.87 | Dec 5, 2018 | In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then… | |||
| CVE-2022-0811 | 0.02 | — | 0.19 | Mar 16, 2022 | A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the… | |||
| CVE-2020-8558 | 0.02 | — | 0.04 | Jul 27, 2020 | The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a… | |||
| CVE-2019-11253 | 0.02 | — | 0.26 | Oct 17, 2019 | Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially… | |||
| CVE-2023-5044 | 0.01 | — | 0.57 | Oct 25, 2023 | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. |
- risk 0.74cvss 9.8epss 0.99
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the…
- risk 0.65cvss 8.8epss 0.35
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx…
- risk 0.64cvss 8.8epss 0.32
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and…
- risk 0.63cvss 8.8epss 0.83
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of…
- risk 0.59cvss 8.8epss 0.27
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx…
- risk 0.58cvss 8.8epss 0.12
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including…
- risk 0.57cvss 8.8epss 0.07
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of…
- risk 0.57cvss 8.8epss 0.00
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and…
- risk 0.57cvss 8.8epss 0.01
A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the…
- risk 0.57cvss 8.8epss 0.00
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of…
- risk 0.57cvss 9.8epss 0.02
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
- risk 0.57cvss 9.8epss 0.05
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
- risk 0.50cvss 8.8epss 0.01
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the…
- risk 0.49cvss 7.5epss 0.00
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build.…
- risk 0.46cvss 8.1epss 0.03
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
- risk 0.46cvss 7.1epss 0.01
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
- risk 0.43cvss 6.6epss 0.00
A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by…
- risk 0.43cvss 7.7epss 0.01
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
- risk 0.43cvss 6.3epss 0.09
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation…
- risk 0.43cvss 7.7epss 0.02
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
- risk 0.42cvss 6.5epss 0.00
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, which may result in the…
- risk 0.42cvss 6.5epss 0.01
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using…
- risk 0.42cvss 6.5epss 0.01
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires…
- risk 0.42cvss 6.5epss 0.02
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.
- risk 0.41cvss 7.4epss 0.01
A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the…
- risk 0.40cvss 6.2epss 0.00
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.
- risk 0.40cvss 7.2epss 0.01
A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
- risk 0.37cvss 6.7epss 0.00
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is…
- risk 0.37cvss 5.7epss 0.00
There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it…
- risk 0.33cvss 6.1epss 0.00
A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.
- risk 0.31cvss 5.8epss 0.00
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network…
- risk 0.31cvss 4.8epss 0.04
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in…
- risk 0.31cvss 5.9epss 0.01
This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.
- risk 0.28cvss 5.3epss 0.02
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
- risk 0.27cvss 4.1epss 0.02
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view…
- risk 0.27cvss 4.2epss 0.02
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
- risk 0.20cvss 3.1epss 0.00
A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration…
- risk 0.20cvss 3.1epss 0.00
A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for…
- risk 0.20cvss 3.1epss 0.02
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
- risk 0.14cvss 2.2epss 0.01
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation…
- risk 0.13cvss 3.1epss 0.01
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
- risk 0.11cvss 2.7epss 0.01
A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status…
- risk 0.11cvss 2.7epss 0.02
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated.…
- CVE-2019-11248Aug 29, 2019risk 0.07cvss —epss 0.61
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and…
- CVE-2021-25741Sep 20, 2021risk 0.03cvss —epss 0.07
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
- CVE-2018-1002105Dec 5, 2018risk 0.03cvss —epss 0.87
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then…
- CVE-2022-0811Mar 16, 2022risk 0.02cvss —epss 0.19
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the…
- CVE-2020-8558Jul 27, 2020risk 0.02cvss —epss 0.04
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a…
- CVE-2019-11253Oct 17, 2019risk 0.02cvss —epss 0.26
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially…
- CVE-2023-5044Oct 25, 2023risk 0.01cvss —epss 0.57
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Page 1 of 3