Vulnerabilities > Kubernetes

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2023-05-24 | CVE-2023-1944 | Use of Hard-coded Credentials vulnerability in Kubernetes Minikube | This vulnerability enables ssh access to minikube container using a default password. | local; low complexity; kubernetes CWE-798; 7.8 |
| 2023-03-01 | CVE-2022-3162 | Path Traversal vulnerability in Kubernetes | Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. | network; low complexity; kubernetes CWE-22; 6.5 |
| 2023-03-01 | CVE-2022-3294 | Unspecified vulnerability in Kubernetes | Users may have access to secure endpoints in the control plane network. | network; low complexity; kubernetes; 8.8 |
| 2022-07-12 | CVE-2022-2385 | Unspecified vulnerability in Kubernetes Aws-Iam-Authenticator | A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. | network; kubernetes; 6.0 |
| 2022-06-07 | CVE-2022-1708 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. | network; low complexity; kubernetes fedoraproject redhat CWE-770; 7.5 |
| 2022-05-06 | CVE-2021-25745 | Improper Input Validation vulnerability in Kubernetes Ingress-Nginx | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. | network; low complexity; kubernetes CWE-20; 8.1 |
| 2022-05-06 | CVE-2021-25746 | Improper Input Validation vulnerability in Kubernetes Ingress-Nginx | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. | network; low complexity; kubernetes CWE-20; 7.1 |
| 2022-04-18 | CVE-2022-27652 | Incorrect Default Permissions vulnerability in multiple products | A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. | 4.6 |
| 2022-03-16 | CVE-2022-0811 | Code Injection vulnerability in Kubernetes Cri-O | A flaw was found in CRI-O in the way it set kernel options for a pod. | network; low complexity; kubernetes CWE-94; critical; 9.0 |
| 2022-02-09 | CVE-2022-0532 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. | 4.9 |