Vulnerabilities > Kubernetes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-05 | CVE-2018-1002101 | Unspecified vulnerability in Kubernetes In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. | 9.8 |
| 2018-09-10 | CVE-2016-7075 | It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. | 8.1 |
| 2018-06-02 | CVE-2018-1002100 | Improper Input Validation vulnerability in Kubernetes In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | 5.5 |
| 2018-05-18 | CVE-2018-1000400 | Improper Privilege Management vulnerability in Kubernetes Cri-O Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. | 8.8 |
| 2018-03-13 | CVE-2017-1002102 | Unspecified vulnerability in Kubernetes In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running. | 5.6 |
| 2018-03-13 | CVE-2017-1002101 | Link Following vulnerability in Kubernetes In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. | 9.6 |
| 2017-09-14 | CVE-2017-1002100 | Information Exposure vulnerability in Kubernetes Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. | 6.5 |
| 2017-08-07 | CVE-2015-7561 | Permissions, Privileges, and Access Controls vulnerability in multiple products Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | 3.1 |
| 2017-07-17 | CVE-2017-1000056 | Missing Authorization vulnerability in Kubernetes Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. | 9.8 |
| 2016-04-11 | CVE-2015-7528 | Information Exposure vulnerability in multiple products Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | 5.3 |