Vulnerabilities > Kubernetes
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-5044 | Code Injection vulnerability in Kubernetes Ingress-Nginx: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | 8.8 |
2023-10-12 | CVE-2023-1943 | Unspecified vulnerability in Kubernetes Operations: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode. | 8.8 |
2023-09-25 | CVE-2022-4318 | Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products: A vulnerability was found in cri-o. | 7.8 |
2023-09-24 | CVE-2023-1260 | An authentication bypass vulnerability was discovered in kube-apiserver. | 8.0 |
2023-09-15 | CVE-2022-3466 | Incorrect Default Permissions vulnerability in multiple products: The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. | 5.3 |
2023-07-03 | CVE-2023-2727 | Unspecified vulnerability in Kubernetes: Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. | 6.5 |
2023-07-03 | CVE-2023-2728 | Unspecified vulnerability in Kubernetes: Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. | 6.5 |
2023-06-16 | CVE-2023-2431 | A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. | 5.5 |
2023-06-07 | CVE-2023-2878 | Information Exposure Through Log Files vulnerability in Kubernetes Secrets-Store-Csi-Driver: Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | 5.5 |
2023-05-24 | CVE-2021-25748 | Unspecified vulnerability in Kubernetes Ingress-Nginx: A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. | 6.5 |