CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8562 – Bypass of Kubernetes API Server proxy TOCTOU
https://notcve.org/view.php?id=CVE-2020-8562
01 Feb 2022 — As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actu... • https://github.com/kubernetes/kubernetes/issues/101493 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 3.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25743 – ANSI escape characters in kubectl output are not being filtered
https://notcve.org/view.php?id=CVE-2021-25743
07 Jan 2022 — kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. kubectl no neutraliza las secuencias de escape, meta o de control contenidas en los datos brutos que envía a un terminal. Esto incluye, pero no se limita, a los campos de cadena no estructurados en objetos como los Eventos • https://github.com/kubernetes/kubernetes/issues/101695 • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2CVE-2021-25741 – Symlink Exchange Can Allow Host Filesystem Access
https://notcve.org/view.php?id=CVE-2021-25741
20 Sep 2021 — A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. Se ha detectado un problema de seguridad en Kubernetes en el que un usuario puede ser capaz de crear un contenedor con montajes de volumen de sub-ruta para acceder a archivos y directorios fuera del volumen, incluso en el sistema de archivos del host A flaw was found in kubernetes. An authorized user can... • https://github.com/Betep0k/CVE-2021-25741 • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25735 – Validating Admission Webhook does not observe some previous fields
https://notcve.org/view.php?id=CVE-2021-25735
28 Jul 2021 — A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields. Se ha detectado un problema de seguridad en kube-apiserver que podría permitir a las actualizaciones de los nodos omitir un Validating A... • https://github.com/darryk10/CVE-2021-25735 • CWE-20: Improper Input Validation CWE-372: Incomplete Internal State Distinction •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 6CVE-2020-8554 – Kubernetes man in the middle using LoadBalancer or ExternalIPs
https://notcve.org/view.php?id=CVE-2020-8554
20 Jan 2021 — Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. El servidor de la API de Kubernetes en todas las versiones permite a un atacante que puede crear un s... • https://github.com/jrmurray000/CVE-2020-8554 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-283: Unverified Ownership •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8563 – Secret leaks in logs for vSphere Provider kube-controller-manager
https://notcve.org/view.php?id=CVE-2020-8563
07 Dec 2020 — In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3. En los clústeres de Kubernetes que utilizan VSphere como proveedor de nube, con un nivel de registro establecido en 4 o superior, las credenciales de la nube de VSphere se filtrarán en el registro del administrador del controlador de nube. Esto afecta a versiones anteriores a v1.19.3 A flaw was found in kuber... • https://github.com/kubernetes/kubernetes/issues/95621 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2307 – jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin
https://notcve.org/view.php?id=CVE-2020-2307
04 Nov 2020 — Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. Jenkins Kubernetes Plugin versiones 1.27.3 y anteriores, permiten a usuarios con pocos privilegios acceder a variables de entorno del controlador de Jenkins posiblemente confidenciales Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed includ... • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2308 – jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates
https://notcve.org/view.php?id=CVE-2020-2308
04 Nov 2020 — A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. Una falta de comprobación de permisos en Jenkins Kubernetes Plugin versiones 1.27.3 y anteriores, permite a atacantes con permiso Overall/Read enumerar los nombres de las plantillas pod global Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Is... • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2309 – jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs
https://notcve.org/view.php?id=CVE-2020-2309
04 Nov 2020 — A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Una falta / o una incorrecta comprobación de permisos en Jenkins Kubernetes Plugin versiones 1.27.3 y anteriores, permite a atacantes con permiso Overall/Read enumerar los ID de credenciales almacenadas en Jenkins Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform sol... • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8557 – Kubernetes node disk Denial of Service by writing to container /etc/hosts
https://notcve.org/view.php?id=CVE-2020-8557
23 Jul 2020 — The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. El componente kubelet de Kubenetes versiones 1.1-1.16.12, 1.... • https://github.com/kubernetes/kubernetes/issues/93032 • CWE-400: Uncontrolled Resource Consumption •