Kubernetes

Kubernetes

62 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2018-1002105

Exploit
  • EPSS 90.7%
  • Veröffentlicht 05.12.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:40:38

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server...

9.8

CVE-2018-1002101

  • EPSS 0.65%
  • Veröffentlicht 05.12.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:40:38

In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.

8.1

CVE-2016-7075

Exploit
  • EPSS 0.29%
  • Veröffentlicht 10.09.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 02:57:24

It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509...

5.5

CVE-2018-1002100

  • EPSS 0.68%
  • Veröffentlicht 02.06.2018 01:29:02
  • Zuletzt bearbeitet 21.11.2024 03:40:38

In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.

6.3

CVE-2017-1002102

  • EPSS 0.4%
  • Veröffentlicht 13.03.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:04:58

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are ru...

9.6

CVE-2017-1002101

Exploit
  • EPSS 31.97%
  • Veröffentlicht 13.03.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:04:58

In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outs...

6.5

CVE-2017-1002100

  • EPSS 0.37%
  • Veröffentlicht 14.09.2017 13:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to...

3.5

CVE-2015-7561

  • EPSS 0.14%
  • Veröffentlicht 07.08.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.

9.8

CVE-2017-1000056

  • EPSS 0.48%
  • Veröffentlicht 17.07.2017 13:18:17
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.

5.3

CVE-2015-7528

  • EPSS 0.37%
  • Veröffentlicht 11.04.2016 21:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.