https://kubernetes.iodocs/reference/issues-security/official-cve-feed/ Auto-refreshing official CVE feed for Kubernetes repository Hugo -- gohugo.io en-US The Kubernetes Authors Mon, 14 Aug 2023 14:16:35 +0000 https://github.com/kubernetes/kubernetes/issues/118690 Thu, 15 Jun 2023 14:42:32 +0000 https://www.cve.org/cverecord?id=CVE-2023-2431 Bypass of seccomp profile enforcement https://github.com/kubernetes/kubernetes/issues/118640 Tue, 13 Jun 2023 14:42:06 +0000 https://www.cve.org/cverecord?id=CVE-2023-2727, CVE-2023-2728 Bypassing policies imposed by the ImagePolicyWebhook and bypassing mountable secrets policy imposed by the ServiceAccount admission plugin https://github.com/kubernetes/kubernetes/issues/118419 Fri, 02 Jun 2023 19:03:54 +0000 https://www.cve.org/cverecord?id=CVE-2023-2878 secrets-store-csi-driver discloses service account tokens in logs https://github.com/kubernetes/kubernetes/issues/113757 Tue, 08 Nov 2022 21:33:26 +0000 https://www.cve.org/cverecord?id=CVE-2022-3294 Node address isn't always verified when proxying https://github.com/kubernetes/kubernetes/issues/113756 Tue, 08 Nov 2022 21:33:07 +0000 https://www.cve.org/cverecord?id=CVE-2022-3162 Unauthorized read of Custom Resources https://github.com/kubernetes/kubernetes/issues/112513 Fri, 16 Sep 2022 13:14:50 +0000 https://www.cve.org/cverecord?id=CVE-2022-3172 Aggregated API server can cause clients to be redirected (SSRF) https://github.com/kubernetes/kubernetes/issues/112192 Thu, 01 Sep 2022 21:02:01 +0000 https://www.cve.org/cverecord?id=CVE-2021-25749 `runAsNonRoot` logic bypass for Windows containers https://github.com/kubernetes/kubernetes/issues/104980 Mon, 13 Sep 2021 20:58:56 +0000 https://www.cve.org/cverecord?id=CVE-2021-25741 Symlink Exchange Can Allow Host Filesystem Access https://github.com/kubernetes/kubernetes/issues/102106 Tue, 18 May 2021 19:14:27 +0000 https://www.cve.org/cverecord?id=CVE-2021-25737 Holes in EndpointSlice Validation Enable Host Network Hijack https://github.com/kubernetes/kubernetes/issues/101435 Fri, 23 Apr 2021 18:07:32 +0000 https://www.cve.org/cverecord?id=CVE-2021-3121 Processes may panic upon receipt of malicious protobuf messages https://github.com/kubernetes/kubernetes/issues/100096 Wed, 10 Mar 2021 18:18:01 +0000 https://www.cve.org/cverecord?id=CVE-2021-25735 Validating Admission Webhook does not observe some previous fields https://github.com/kubernetes/kubernetes/issues/97076 Fri, 04 Dec 2020 20:02:15 +0000 https://www.cve.org/cverecord?id=CVE-2020-8554 Man in the middle using LoadBalancer or ExternalIPs https://github.com/kubernetes/kubernetes/issues/95624 Thu, 15 Oct 2020 22:07:53 +0000 https://www.cve.org/cverecord?id=CVE-2020-8566 Ceph RBD adminSecrets exposed in logs when loglevel >= 4 https://github.com/kubernetes/kubernetes/issues/95623 Thu, 15 Oct 2020 22:05:32 +0000 https://www.cve.org/cverecord?id=CVE-2020-8565 Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 https://github.com/kubernetes/kubernetes/issues/95622 Thu, 15 Oct 2020 22:03:19 +0000 https://www.cve.org/cverecord?id=CVE-2020-8564 Docker config secrets leaked when file is malformed and log level >= 4 https://github.com/kubernetes/kubernetes/issues/95621 Thu, 15 Oct 2020 22:00:44 +0000 https://www.cve.org/cverecord?id=CVE-2020-8563 Secret leaks in kube-controller-manager when using vSphere provider https://github.com/kubernetes/kubernetes/issues/93032 Mon, 13 Jul 2020 18:39:08 +0000 https://www.cve.org/cverecord?id=CVE-2020-8557 Node disk DOS by writing to container /etc/hosts https://github.com/kubernetes/kubernetes/issues/92914 Wed, 08 Jul 2020 17:03:16 +0000 https://www.cve.org/cverecord?id=CVE-2020-8559 Privilege escalation from compromised node to cluster https://github.com/kubernetes/kubernetes/issues/92315 Fri, 19 Jun 2020 18:38:58 +0000 https://www.cve.org/cverecord?id=CVE-2020-8558 Node setting allows for neighboring hosts to bypass localhost boundary https://github.com/kubernetes/kubernetes/issues/91542 Thu, 28 May 2020 16:13:34 +0000 https://www.cve.org/cverecord?id=CVE-2020-8555 Half-Blind SSRF in kube-controller-manager https://github.com/kubernetes/kubernetes/issues/91507 Wed, 27 May 2020 19:32:29 +0000 https://www.cve.org/cverecord?id=CVE-2020-10749 IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements https://github.com/kubernetes/kubernetes/issues/89535 Thu, 26 Mar 2020 18:55:26 +0000 https://www.cve.org/cverecord?id=CVE-2019-11254 kube-apiserver Denial of Service vulnerability from malicious YAML payloads https://github.com/kubernetes/kubernetes/issues/89378 Mon, 23 Mar 2020 18:35:34 +0000 https://www.cve.org/cverecord?id=CVE-2020-8552 apiserver DoS (oom) https://github.com/kubernetes/kubernetes/issues/89377 Mon, 23 Mar 2020 18:34:40 +0000 https://www.cve.org/cverecord?id=CVE-2020-8551 Kubelet DoS via API https://github.com/kubernetes/kubernetes/issues/87773 Mon, 03 Feb 2020 15:12:22 +0000 https://www.cve.org/cverecord?id=CVE-2019-11251 kubectl cp symlink vulnerability https://github.com/kubernetes/kubernetes/issues/85867 Tue, 03 Dec 2019 22:58:37 +0000 https://www.cve.org/cverecord?id=CVE-2018-1002102 Unvalidated redirect https://github.com/kubernetes/kubernetes/issues/85233 Wed, 13 Nov 2019 20:57:31 +0000 https://www.cve.org/cverecord?id=CVE-2019-11255 CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation https://github.com/kubernetes/kubernetes/issues/83253 Fri, 27 Sep 2019 16:53:31 +0000 https://www.cve.org/cverecord?id=CVE-2019-11253 Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack https://github.com/kubernetes/kubernetes/issues/81114 Thu, 08 Aug 2019 02:03:04 +0000 https://www.cve.org/cverecord?id=CVE-2019-11250 Bearer tokens are revealed in logs https://github.com/kubernetes/kubernetes/issues/81023 Tue, 06 Aug 2019 14:34:33 +0000 https://www.cve.org/cverecord?id=CVE-2019-11248 /debug/pprof exposed on kubelet's healthz port https://github.com/kubernetes/kubernetes/issues/80984 Mon, 05 Aug 2019 12:44:23 +0000 https://www.cve.org/cverecord?id=CVE-2019-11249 Incomplete fixes for CVE-2019-1002101 and CVE-2019-11246, kubectl cp potential directory traversal https://github.com/kubernetes/kubernetes/issues/80983 Mon, 05 Aug 2019 12:44:08 +0000 https://www.cve.org/cverecord?id=CVE-2019-11247 API server allows access to custom resources via wrong scope https://github.com/kubernetes/kubernetes/issues/78308 Fri, 24 May 2019 16:14:49 +0000 https://www.cve.org/cverecord?id=CVE-2019-11245 container uid changes to root after first restart or if image is already pulled to the node https://github.com/kubernetes/kubernetes/issues/76797 Thu, 18 Apr 2019 21:31:53 +0000 https://www.cve.org/cverecord?id=CVE-2019-11243 rest.AnonymousClientConfig() does not remove the serviceaccount credentials from config created by rest.InClusterConfig() https://github.com/kubernetes/kubernetes/issues/76676 Tue, 16 Apr 2019 20:14:25 +0000 https://www.cve.org/cverecord?id=CVE-2019-11244 `kubectl:-http-cache=<world-accessible dir>` creates world-writeable cached schema files https://github.com/kubernetes/kubernetes/issues/74534 Mon, 25 Feb 2019 19:39:09 +0000 https://www.cve.org/cverecord?id=CVE-2019-1002100 json-patch requests can exhaust apiserver resources https://github.com/kubernetes/kubernetes/issues/71411 Mon, 26 Nov 2018 11:07:36 +0000 https://www.cve.org/cverecord?id=CVE-2018-1002105 proxy request handling in kube-apiserver can leave vulnerable TCP connections https://github.com/kubernetes/kubernetes/issues/65750 Tue, 03 Jul 2018 08:06:15 +0000 https://www.cve.org/cverecord?id=CVE-2018-1002101 smb mount security issue https://github.com/kubernetes/kubernetes/issues/61297 Fri, 16 Mar 2018 19:24:46 +0000 https://www.cve.org/cverecord?id=CVE-2018-1002100 Kubectl copy doesn't check for paths outside of it's destination directory. https://github.com/kubernetes/kubernetes/issues/60814 Mon, 05 Mar 2018 20:55:20 +0000 https://www.cve.org/cverecord?id=CVE-2017-1002102 atomic writer volume handling allows arbitrary file deletion in host filesystem https://github.com/kubernetes/kubernetes/issues/60813 Mon, 05 Mar 2018 20:53:58 +0000 https://www.cve.org/cverecord?id=CVE-2017-1002101 subpath volume mount handling allows arbitrary file access in host filesystem https://github.com/kubernetes/kubernetes/issues/47611 Thu, 15 Jun 2017 18:59:13 +0000 https://www.cve.org/cverecord?id=CVE-2017-1002100 Azure PV should be Private scope not Container scope https://github.com/kubernetes/kubernetes/issues/43459 Tue, 21 Mar 2017 15:22:29 +0000 https://www.cve.org/cverecord?id=CVE-2017-1000056 PodSecurityPolicy admission plugin authorizes incorrectly