Vulnerabilities > Kubernetes

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2023-11-14 | CVE-2023-5528 | | A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. | network, low complexity | kubernetes, fedoraproject | 8.8 |
| 2023-11-03 | CVE-2022-3172 | Server-Side Request Forgery (SSRF) vulnerability in Kubernetes Apiserver | A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. | network, low complexity | kubernetes, CWE-918 | 8.2 |
| 2023-11-03 | CVE-2023-3893 | Unspecified vulnerability in Kubernetes CSI Proxy | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. | network, low complexity | kubernetes | 8.8 |
| 2023-10-31 | CVE-2023-3676 | Improper Input Validation vulnerability in Kubernetes | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. | network, low complexity | kubernetes, CWE-20 | 8.8 |
| 2023-10-31 | CVE-2023-3955 | Improper Input Validation vulnerability in Kubernetes | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. | network, low complexity | kubernetes, CWE-20 | 8.8 |
| 2023-10-30 | CVE-2021-25736 | Unspecified vulnerability in Kubernetes | Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. | network, high complexity | kubernetes | 6.3 |
| 2023-10-25 | CVE-2022-4886 | Unspecified vulnerability in Kubernetes Ingress-Nginx | Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. | network, low complexity | kubernetes | 6.5 |
| 2023-10-25 | CVE-2023-5043 | Injection vulnerability in Kubernetes Ingress-Nginx | Ingress nginx annotation injection causes arbitrary command execution. | network, low complexity | kubernetes, CWE-74 | 8.8 |
| 2023-10-25 | CVE-2023-5044 | Code Injection vulnerability in Kubernetes Ingress-Nginx | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | network, low complexity | kubernetes, CWE-94 | 8.8 |
| 2023-10-12 | CVE-2023-1943 | Unspecified vulnerability in Kubernetes Operations | Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode. | low complexity | kubernetes | 8.8 |