CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4886 – Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
https://notcve.org/view.php?id=CVE-2022-4886
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. La sanitización del parámetro `path` de Ingress-nginx se puede omitir con la directiva `log_format`. • http://www.openwall.com/lists/oss-security/2023/10/25/5 https://github.com/kubernetes/ingress-nginx/issues/10570 https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI https://security.netapp.com/advisory/ntap-20240307-0013 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1943 – Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode
https://notcve.org/view.php?id=CVE-2023-1943
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode. Escalada de privilegios en kOps utilizando el proveedor GCE/GCP en modo Gossip. • https://github.com/kubernetes/kops/issues/15539 https://groups.google.com/g/kubernetes-security-announce/c/yrCE1x89oaU • CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3676 – Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
https://notcve.org/view.php?id=CVE-2023-3676
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. Se descubrió un problema de seguridad en Kubernetes donde un usuario que pueda crear pods en nodos de Windows puede escalar a privilegios de administrador en esos nodos. Los clústeres de Kubernetes solo se ven afectados si incluyen nodos de Windows. A vulnerability was found in Kubernetes. • https://github.com/kubernetes/kubernetes/issues/119339 https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc https://security.netapp.com/advisory/ntap-20231130-0007 https://access.redhat.com/security/cve/CVE-2023-3676 https://bugzilla.redhat.com/show_bug.cgi?id=2227126 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-3955 – Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
https://notcve.org/view.php?id=CVE-2023-3955
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. Se descubrió un problema de seguridad en Kubernetes donde un usuario que puede crear pods en nodos de Windows puede escalar a privilegios de administrador en esos nodos. Los clústeres de Kubernetes solo se ven afectados si incluyen nodos de Windows. A vulnerability was found in Kubernetes. • https://github.com/kubernetes/kubernetes/issues/119595 https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E https://security.netapp.com/advisory/ntap-20231221-0002 https://access.redhat.com/security/cve/CVE-2023-3955 https://bugzilla.redhat.com/show_bug.cgi?id=2227128 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 8.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-1260 – Kube-apiserver: privesc
https://notcve.org/view.php?id=CVE-2023-1260
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. Se descubrió una vulnerabilidad de omisión de autenticación en kube-apiserver. • https://access.redhat.com/errata/RHSA-2023:3976 https://access.redhat.com/errata/RHSA-2023:4093 https://access.redhat.com/errata/RHSA-2023:4312 https://access.redhat.com/errata/RHSA-2023:4898 https://access.redhat.com/errata/RHSA-2023:5008 https://access.redhat.com/security/cve/CVE-2023-1260 https://bugzilla.redhat.com/show_bug.cgi?id=2176267 https://github.com/advisories/GHSA-92hx-3mh6-hc49 https://security.netapp.com/advisory/ntap-20231020-0010 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •