Page 9 of 43 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 23EXPL: 0

Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. Los permisos de acceso por defecto para volúmenes persistentes (PV) creados por el proveedor de servicios en la nube Kubernetes en Azure, en sus versiones de la 1.6.0 a la 1.6.5, están establecidos a "container", lo que expone una URI que se puede acceder sin autenticación en la red de internet pública. Para acceder al string URI se requieren permisos de acceso al clúster de Kubernetes o acceso autenticado al portal Azure. • https://github.com/kubernetes/kubernetes/issues/47611 https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. En Kubernetes versión 1.5.0 hasta 1.5.4, es vulnerable a una escalada de privilegios en el plugin admission de PodSecurityPolicy, resultando en la capacidad de hacer uso de cualquier objeto PodSecurityPolicy existente. • https://github.com/kubernetes/kubernetes/issues/43459 • CWE-862: Missing Authorization •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. Kubernetes en versiones anteriores a 1.2.0-alpha.5 permite a atacantes remotos leer logs de pod arbitrarios a través de un nombre de contenedor. It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to. • http://rhn.redhat.com/errata/RHSA-2015-2615.html https://access.redhat.com/errata/RHSA-2015:2544 https://github.com/kubernetes/kubernetes/pull/17886 https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5 https://github.com/openshift/origin/pull/6113 https://access.redhat.com/security/cve/CVE-2015-7528 https://bugzilla.redhat.com/show_bug.cgi?id=1286745 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •