Total
56 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11247 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2024-02-28 | 6.5 MEDIUM | 8.1 HIGH |
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. | |||||
CVE-2019-11248 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. | |||||
CVE-2019-11249 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2024-02-28 | 5.8 MEDIUM | 6.5 MEDIUM |
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. | |||||
CVE-2019-11250 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. | |||||
CVE-2018-1002105 | 3 Kubernetes, Netapp, Redhat | 3 Kubernetes, Trident, Openshift Container Platform | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. | |||||
CVE-2018-1002101 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. | |||||
CVE-2016-7075 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate. | |||||
CVE-2017-1002101 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 5.5 MEDIUM | 9.6 CRITICAL |
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. | |||||
CVE-2018-1002100 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 3.6 LOW | 5.5 MEDIUM |
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | |||||
CVE-2017-1002102 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 6.3 MEDIUM | 5.6 MEDIUM |
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running. | |||||
CVE-2017-1000056 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. | |||||
CVE-2017-1002100 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. | |||||
CVE-2015-7561 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-02-28 | 3.5 LOW | 3.1 LOW |
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | |||||
CVE-2015-7528 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | |||||
CVE-2016-1905 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 4.0 MEDIUM | 7.7 HIGH |
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | |||||
CVE-2016-1906 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. |