Vulnerabilities > Kubernetes > Kubernetes > 1.15.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-20 | CVE-2021-25741 | Files or Directories Accessible to External Parties vulnerability in Kubernetes A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. | 8.1 |
| 2021-09-06 | CVE-2021-25735 | Unspecified vulnerability in Kubernetes A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. | 6.5 |
| 2020-12-07 | CVE-2020-8563 | Information Exposure Through Log Files vulnerability in Kubernetes In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. | 5.5 |
| 2020-07-27 | CVE-2020-8558 | Unspecified vulnerability in Kubernetes The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. low complexity kubernetes | 8.8 |
| 2020-07-23 | CVE-2020-8557 | Resource Exhaustion vulnerability in Kubernetes The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. | 5.5 |
| 2020-07-23 | CVE-2019-11252 | Information Exposure Through an Error Message vulnerability in Kubernetes The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. | 6.5 |
| 2020-06-05 | CVE-2020-8555 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). | 6.3 |
| 2020-04-01 | CVE-2019-11254 | Unspecified vulnerability in Kubernetes The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. | 6.5 |
| 2020-03-27 | CVE-2020-8552 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. | 4.3 |
| 2020-03-27 | CVE-2020-8551 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. | 6.5 |