Vulnerabilities > Kubernetes > Kubernetes > 1.12.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-05 | CVE-2018-1002102 | Open Redirect vulnerability in multiple products Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. | 2.6 |
2019-08-29 | CVE-2019-11250 | Information Exposure Through Log Files vulnerability in multiple products The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. | 3.5 |
2019-08-29 | CVE-2019-11249 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes The kubectl cp command allows copying files between containers and the user machine. | 5.8 |
2019-08-29 | CVE-2019-11247 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. | 6.5 |
2019-08-29 | CVE-2019-11246 | Path Traversal vulnerability in Kubernetes The kubectl cp command allows copying files between containers and the user machine. | 6.5 |
2019-04-22 | CVE-2019-11244 | Permissions, Privileges, and Access Controls vulnerability in Kubernetes In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). | 1.9 |