Vulnerabilities > Kubernetes

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2022-04-18 | CVE-2022-27652 | Incorrect Default Permissions vulnerability in multiple products | A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. | | | | 5.3 |
| 2022-03-16 | CVE-2022-0811 | Code Injection vulnerability in Kubernetes Cri-O | A flaw was found in CRI-O in the way it set kernel options for a pod. | network | low complexity | kubernetes CWE-94 | 8.8 |
| 2022-02-09 | CVE-2022-0532 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products | An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. | network | high complexity | kubernetes redhat CWE-732 | 4.2 |
| 2022-02-01 | CVE-2020-8562 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Kubernetes | As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. | network | high complexity | kubernetes CWE-367 | 3.1 |
| 2022-01-07 | CVE-2021-25743 | Unspecified vulnerability in Kubernetes | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. | network | high complexity | kubernetes | 3.0 |
| 2021-10-29 | CVE-2021-25742 | | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. | network | low complexity | kubernetes netapp | 7.1 |
| 2021-10-11 | CVE-2021-25738 | Deserialization of Untrusted Data vulnerability in Kubernetes Java | Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. | local | low complexity | kubernetes CWE-502 | 6.7 |
| 2021-09-20 | CVE-2020-8561 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes 1.20.11/1.21.5/1.22.2 | A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. | network | low complexity | kubernetes CWE-610 | 4.1 |
| 2021-09-20 | CVE-2021-25740 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Kubernetes | A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | network | high complexity | kubernetes CWE-610 | 3.1 |
| 2021-09-20 | CVE-2021-25741 | Files or Directories Accessible to External Parties vulnerability in Kubernetes | A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. | network | low complexity | kubernetes CWE-552 | 8.1 |