CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8569 – Kubernetes CSI snapshot-controller DoS
https://notcve.org/view.php?id=CVE-2020-8569
21 Jan 2021 — Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop. Only the volume snapshot feature is affected by this vulnerability.... • https://github.com/kubernetes-csi/external-snapshotter/issues/380 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8568 – Kubernetes Secrets Store CSI Driver sync/rotate directory traversal
https://notcve.org/view.php?id=CVE-2020-8568
21 Jan 2021 — Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets. Kubernetes Secrets Store CSI Driver versiones v0.0.15 y v0.0.16, permiten a un atacante que pueda modificar un recurso SecretProviderClassPodStatus/Status la capacidad de escribir con... • https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •
CVSS: 6.3EPSS: 30%CPEs: 4EXPL: 6CVE-2020-8554 – Kubernetes man in the middle using LoadBalancer or ExternalIPs
https://notcve.org/view.php?id=CVE-2020-8554
20 Jan 2021 — Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. El servidor de la API de Kubernetes en todas las versiones permite a un atacante que puede crear un s... • https://github.com/jrmurray000/CVE-2020-8554 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-283: Unverified Ownership •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8563 – Secret leaks in logs for vSphere Provider kube-controller-manager
https://notcve.org/view.php?id=CVE-2020-8563
07 Dec 2020 — In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3. En los clústeres de Kubernetes que utilizan VSphere como proveedor de nube, con un nivel de registro establecido en 4 o superior, las credenciales de la nube de VSphere se filtrarán en el registro del administrador del controlador de nube. Esto afecta a versiones anteriores a v1.19.3 A flaw was found in kuber... • https://github.com/kubernetes/kubernetes/issues/95621 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8565 – Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9
https://notcve.org/view.php?id=CVE-2020-8565
07 Dec 2020 — In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. En Kubernetes, si el nivel de registro se establece en al menos 9, los tokens de autorización y portador se escribirán en los archivos de registro. Esto puede ocurrir tanto en los registros del servidor API como en la salida de la herramienta clie... • https://github.com/kubernetes/kubernetes/issues/95623 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8566 – Ceph RBD adminSecrets exposed in logs when loglevel >= 4
https://notcve.org/view.php?id=CVE-2020-8566
07 Dec 2020 — In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13. En los clústeres de Kubernetes que usan Ceph RBD como aprovisionador de almacenamiento, con un nivel de registro de al menos 4, los secretos de administración de Ceph RBD se pueden escribir en los registros. Esto ocurre en... • https://github.com/kubernetes/kubernetes/issues/95624 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8564 – Docker config secrets leaked when file is malformed and loglevel >= 4
https://notcve.org/view.php?id=CVE-2020-8564
27 Oct 2020 — In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13. En los clústeres de Kubernetes que usan un nivel de registro de al menos 4, el procesamiento de un archivo de configuración de docker malformado dará como resultado la filtración del contenido del archivo de configuración de docker,... • https://github.com/kubernetes/kubernetes/issues/95622 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8553 – Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names
https://notcve.org/view.php?id=CVE-2020-8553
29 Jul 2020 — The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name. El componente Kubernetes ingress-nginx anterior a la versión 0.28.0, permite a un usuario crear espacios de nombres y leer y crear objetos de ingreso para sobrescribir el archivo de contraseña de otr... • https://github.com/kubernetes/ingress-nginx/issues/5126 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8557 – Kubernetes node disk Denial of Service by writing to container /etc/hosts
https://notcve.org/view.php?id=CVE-2020-8557
23 Jul 2020 — The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. El componente kubelet de Kubenetes versiones 1.1-1.16.12, 1.... • https://github.com/kubernetes/kubernetes/issues/93032 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11252 – Credential leakage when failing to mount
https://notcve.org/view.php?id=CVE-2019-11252
23 Jul 2020 — The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. El Kubernetes kube-controller-manager en versiones v1.0-v1.17, es vulnerable a una filtración de credenciales por medio de mensajes de error en registros de fallo de montaje y eventos para volúmenes de AzureFile y CephFS A flaw was found in Kubernetes that allows the logging of credentials when mounting AzureFile and CephFS ... • https://github.com/kubernetes/kubernetes/pull/88684 • CWE-209: Generation of Error Message Containing Sensitive Information •