Vulnerabilities > Kubernetes > Kubernetes > 1.8.2
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-10-17 | CVE-2019-11253 | XML Entity Expansion vulnerability in multiple products | Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. | 7.5 |
2019-08-29 | CVE-2019-11250 | Information Exposure Through Log Files vulnerability in multiple products | The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. | 6.5 |
2019-08-29 | CVE-2019-11249 | Path Traversal vulnerability in multiple products | The kubectl cp command allows copying files between containers and the user machine. | 6.5 |
2019-08-29 | CVE-2019-11248 | Missing Authorization vulnerability in Kubernetes | The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. | 8.2 |
2019-08-29 | CVE-2019-11247 | Incorrect Authorization vulnerability in multiple products | The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. | 8.1 |
2019-08-29 | CVE-2019-11246 | Path Traversal vulnerability in Kubernetes | The kubectl cp command allows copying files between containers and the user machine. | 6.5 |
2019-04-22 | CVE-2019-11244 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). | 5.0 |
2019-04-02 | CVE-2019-9946 | Always-Incorrect Control Flow Implementation vulnerability in multiple products | Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. | 7.5 |
2019-04-01 | CVE-2019-1002100 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. | 6.5 |
2018-12-05 | CVE-2018-1002105 | 7PK - Errors vulnerability in multiple products | In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. | 9.8 |