Vulnerabilities > Kubernetes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-24 | CVE-2021-25749 | Unspecified vulnerability in Kubernetes Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | 7.8 |
| 2023-05-24 | CVE-2023-1174 | Unspecified vulnerability in Kubernetes Minikube This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | 9.8 |
| 2023-05-24 | CVE-2023-1944 | Use of Hard-coded Credentials vulnerability in Kubernetes Minikube This vulnerability enables ssh access to minikube container using a default password. | 7.8 |
| 2023-03-01 | CVE-2022-3162 | Path Traversal vulnerability in Kubernetes Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. | 6.5 |
| 2023-03-01 | CVE-2022-3294 | Unspecified vulnerability in Kubernetes Users may have access to secure endpoints in the control plane network. | 8.8 |
| 2022-09-19 | CVE-2022-2995 | Incorrect Permission Assignment for Critical Resource vulnerability in Kubernetes Cri-O 1.25.0 Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | 7.1 |
| 2022-07-12 | CVE-2022-2385 | Unspecified vulnerability in Kubernetes Aws-Iam-Authenticator A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. | 8.8 |
| 2022-06-07 | CVE-2022-1708 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. | 7.5 |
| 2022-05-06 | CVE-2021-25745 | Improper Input Validation vulnerability in Kubernetes Ingress-Nginx A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. | 8.1 |
| 2022-05-06 | CVE-2021-25746 | Improper Input Validation vulnerability in Kubernetes Ingress-Nginx A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. | 7.1 |