Page 4 of 96 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. A flaw was found in Kubernetes, where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures that pods running with a service account may only reference secrets specified in the service account’s secrets field. • http://www.openwall.com/lists/oss-security/2023/07/06/3 https://github.com/kubernetes/kubernetes/issues/118640 https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8 https://security.netapp.com/advisory/ntap-20230803-0004 https://access.redhat.com/security/cve/CVE-2023-2728 https://bugzilla.redhat.com/show_bug.cgi?id=2211348 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. A flaw was found in Kubernetes, where users may be able to launch containers using images restricted by the ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. • http://www.openwall.com/lists/oss-security/2023/07/06/2 https://github.com/kubernetes/kubernetes/issues/118640 https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8 https://security.netapp.com/advisory/ntap-20230803-0004 https://access.redhat.com/security/cve/CVE-2023-2727 https://bugzilla.redhat.com/show_bug.cgi?id=2211322 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. A flaw was found in Kubernetes. • https://github.com/kubernetes/kubernetes/issues/118690 https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G https://access.redhat.com/security/cve/CVE-2023-2431 https://bugzilla.redhat.com/show_bug.cgi?id=2215555 • CWE-1287: Improper Validation of Specified Type of Input •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. • https://github.com/kubernetes/kubernetes/issues/118419 https://groups.google.com/g/kubernetes-security-announce/c/5K8ghQHBDdQ/m/Udee6YUgAAAJ https://security.netapp.com/advisory/ntap-20230814-0003 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. • https://groups.google.com/g/kubernetes-security-announce/c/2ZkJFMDTKbM • CWE-266: Incorrect Privilege Assignment •