Vulnerabilities > Kubernetes > Kubernetes > 1.5.2

DATE CVE VULNERABILITY TITLE RISK
2019-08-29 CVE-2019-11249 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
The kubectl cp command allows copying files between containers and the user machine.
5.8
2019-08-29 CVE-2019-11248 Information Exposure vulnerability in Kubernetes
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port.
network
low complexity
kubernetes CWE-200
6.4
2019-08-29 CVE-2019-11246 Path Traversal vulnerability in Kubernetes
The kubectl cp command allows copying files between containers and the user machine.
network
low complexity
kubernetes CWE-22
6.5
2019-04-02 CVE-2019-9946 Always-Incorrect Control Flow Implementation vulnerability in multiple products
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes.
network
low complexity
kubernetes cncf netapp CWE-670
7.5
2019-04-01 CVE-2019-1002100 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g.
network
low complexity
kubernetes redhat CWE-770
6.5
2018-12-05 CVE-2018-1002105 7PK - Errors vulnerability in multiple products
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
network
low complexity
kubernetes redhat netapp CWE-388
critical
9.8
2018-06-02 CVE-2018-1002100 Improper Input Validation vulnerability in Kubernetes
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
local
low complexity
kubernetes CWE-20
3.6
2018-03-13 CVE-2017-1002102 Unspecified vulnerability in Kubernetes
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
local
kubernetes
6.3
2018-03-13 CVE-2017-1002101 Link Following vulnerability in Kubernetes
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.
network
low complexity
kubernetes CWE-59
5.5
2017-07-17 CVE-2017-1000056 Missing Authorization vulnerability in Kubernetes
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
network
low complexity
kubernetes CWE-862
7.5