Vulnerabilities > Kubernetes > Kubernetes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-01 | CVE-2020-8562 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Kubernetes As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. | 3.5 |
| 2022-01-07 | CVE-2021-25743 | Unspecified vulnerability in Kubernetes kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. | 2.1 |
| 2021-09-20 | CVE-2020-8561 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes 1.20.11/1.21.5/1.22.2 A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. | 4.0 |
| 2021-09-20 | CVE-2021-25740 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | 3.5 |
| 2021-09-20 | CVE-2021-25741 | Files or Directories Accessible to External Parties vulnerability in Kubernetes A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. | 5.5 |
| 2021-09-06 | CVE-2021-25735 | Unspecified vulnerability in Kubernetes A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. | 6.5 |
| 2021-09-06 | CVE-2021-25737 | Open Redirect vulnerability in Kubernetes A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. | 4.9 |
| 2021-01-21 | CVE-2020-8554 | Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. | 5.0 |
| 2020-12-07 | CVE-2020-8566 | Information Exposure Through Log Files vulnerability in Kubernetes In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. | 2.1 |
| 2020-12-07 | CVE-2020-8565 | Information Exposure Through Log Files vulnerability in Kubernetes In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. | 2.1 |