Vulnerabilities > Kubernetes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-24 | CVE-2021-25749 | Unspecified vulnerability in Kubernetes Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | 7.8 |
| 2023-05-24 | CVE-2023-1174 | Unspecified vulnerability in Kubernetes Minikube This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | 9.8 |
| 2023-05-24 | CVE-2023-1944 | Use of Hard-coded Credentials vulnerability in Kubernetes Minikube This vulnerability enables ssh access to minikube container using a default password. | 7.8 |
| 2023-03-01 | CVE-2022-3162 | Path Traversal vulnerability in Kubernetes Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. | 6.5 |
| 2023-03-01 | CVE-2022-3294 | Unspecified vulnerability in Kubernetes Users may have access to secure endpoints in the control plane network. | 8.8 |
| 2022-07-12 | CVE-2022-2385 | Unspecified vulnerability in Kubernetes Aws-Iam-Authenticator A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. network kubernetes | 6.0 |
| 2022-06-07 | CVE-2022-1708 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. | 7.5 |
| 2022-05-06 | CVE-2021-25745 | Improper Input Validation vulnerability in Kubernetes Ingress-Nginx A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. | 8.1 |
| 2022-05-06 | CVE-2021-25746 | Improper Input Validation vulnerability in Kubernetes Ingress-Nginx A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. | 7.1 |
| 2022-04-18 | CVE-2022-27652 | Incorrect Default Permissions vulnerability in multiple products A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. | 4.6 |