CVE-2021-25748 – Ingress-nginx `path` sanitization can be bypassed with newline character
https://notcve.org/view.php?id=CVE-2021-25748
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. • https://github.com/kubernetes/ingress-nginx/issues/8686 https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8 • CWE-20: Improper Input Validation •
CVE-2023-1944 – [minikube] ssh server with default password
https://notcve.org/view.php?id=CVE-2023-1944
This vulnerability enables SSH access to the minikube container using a default password. • https://github.com/kubernetes/minikube • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVE-2022-4318 – Cri-o: /etc/passwd tampering privesc
https://notcve.org/view.php?id=CVE-2022-4318
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. • https://access.redhat.com/errata/RHSA-2023:1033 https://access.redhat.com/errata/RHSA-2023:1503 https://access.redhat.com/security/cve/CVE-2022-4318 https://bugzilla.redhat.com/show_bug.cgi?id=2152703 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVE-2022-3294 – Node address isn't always verified when proxying
https://notcve.org/view.php?id=CVE-2022-3294
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to be sent to the API server's private network. • https://github.com/kubernetes/kubernetes/issues/113757 https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA https://security.netapp.com/advisory/ntap-20230505-0007 • CWE-20: Improper Input Validation •
CVE-2021-25749 – runAsNonRoot logic bypass for Windows containers
https://notcve.org/view.php?id=CVE-2021-25749
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. A flaw was found in Kubernetes. This issue allows Windows workloads to run as a ContainerAdministrator even when the workloads set the runAsNonRoot option to true. • https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA https://access.redhat.com/security/cve/CVE-2021-25749 https://bugzilla.redhat.com/show_bug.cgi?id=2127808 • CWE-284: Improper Access Control CWE-842: Placement of User into Incorrect Group •