CVSS: 6.3EPSS: 16%CPEs: 5EXPL: 0CVE-2020-8555 – Kubernetes kube-controller-manager SSRF
https://notcve.org/view.php?id=CVE-2020-8555
04 Jun 2020 — The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). El Kubernetes kube-controller-manager en las versiones v1.0-1.14, versiones anteriores a v1.15.12, v1.16.9, v1.17.5 y v1.18.0, son vulnerabl... • http://www.openwall.com/lists/oss-security/2020/06/01/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11254 – Kubernetes API Server denial of service vulnerability from malicious YAML payloads
https://notcve.org/view.php?id=CVE-2019-11254
01 Apr 2020 — The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. El componente Kubernetes API Server en versiones 1.1-1.14 y versiones anteriores a 1.15.10, 1.16.7 y 1.17.3, permite a un usuario autorizado que envía cargas maliciosas de YAML causar que el kube-apiserver consuma ciclos de CPU excesivos mientras analiza YAML. Red ... • https://github.com/kubernetes/kubernetes/issues/89535 • CWE-400: Uncontrolled Resource Consumption CWE-1050: Excessive Platform Resource Consumption within a Loop •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8552 – Kubernetes API server denial of service
https://notcve.org/view.php?id=CVE-2020-8552
27 Mar 2020 — The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. Se detectó que el componente servidor de la API Kubernetes en versiones anteriores a 1.15.9, versiones 1.16.0-1.16.6 y versiones 1.17.0-1.17.2, es vulnerable a un ataque de denegación de servicio versiones por medio de unas peticiones de la API con éxito. A denial of service vulnerability was found in the Kubernetes API s... • https://github.com/kubernetes/kubernetes/issues/89378 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8551 – Kubernetes kubelet denial of service
https://notcve.org/view.php?id=CVE-2020-8551
27 Mar 2020 — The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. Se detectó que el componente Kubelet en versiones 1.15.0-1.15.9, versiones 1.16.0-1.16.6 y versiones 1.17.0-1.17.2, es vulnerable a un ataque de denegación de servicio por medio la API de kubelet, inclu... • https://github.com/kubernetes/kubernetes/issues/89377 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1002104
https://notcve.org/view.php?id=CVE-2018-1002104
14 Jan 2020 — Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. Las versiones anteriores a 1.5 del back-end predeterminado de ingreso de Kubernetes, que maneja el tráfico de ingreso no válido, expuso públicamente las métricas de prometeus. • https://github.com/kubernetes/ingress-nginx/pull/3125 • CWE-20: Improper Input Validation CWE-215: Insertion of Sensitive Information Into Debugging Code •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2019-11255 – Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation
https://notcve.org/view.php?id=CVE-2019-11255
05 Dec 2019 — Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (
CVSS: 2.6EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1002102 – Kubernetes API server follows unvalidated redirects from streaming Kubelet endpoints
https://notcve.org/view.php?id=CVE-2018-1002102
05 Dec 2019 — Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet. Una comprobación inapropiada de un redireccionamiento de URL en el servidor Kubernetes API en versiones anteriores a v1.14.0, permite que un Kubelet controlado por el... • https://github.com/kubernetes/kubernetes/issues/85867 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14891 – cri-o: infra container reparented to systemd following OOM Killer killing it's conmon
https://notcve.org/view.php?id=CVE-2019-14891
25 Nov 2019 — A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host. Se encontró un fallo en cri-o, como un resultado de que todos los procesos relacionados con pod están colocados en el mismo grupo de memoria. Esto puede resultar en que se e... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14891 • CWE-460: Improper Cleanup on Thrown Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 1CVE-2019-10223
https://notcve.org/view.php?id=CVE-2019-10223
05 Nov 2019 — A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and relea... • http://www.openwall.com/lists/oss-security/2019/08/15/8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.7EPSS: 2%CPEs: 4EXPL: 0CVE-2019-11251 – kubectl cp allows symlink directory traversal
https://notcve.org/view.php?id=CVE-2019-11251
31 Oct 2019 — The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree. El comando kubectl cp de Kubernetes en las versiones 1.1-1.12 y versiones anteriores a 1.13.11, 1.14.7 y 1.15.4,... • https://github.com/kubernetes/kubernetes/issues/87773 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •