Vulnerabilities > Kubernetes > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-09-24 | CVE-2023-1260 | An authentication bypass vulnerability was discovered in kube-apiserver. | | network | high complexity | kubernetes redhat | | 8.0 |
| 2023-05-24 | CVE-2021-25749 | Unspecified vulnerability in Kubernetes | Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | local | low complexity | kubernetes | | 7.8 |
| 2023-05-24 | CVE-2023-1944 | Use of Hard-coded Credentials vulnerability in Kubernetes Minikube | This vulnerability enables ssh access to minikube container using a default password. | local | low complexity | kubernetes | CWE-798 | 7.8 |
| 2023-03-01 | CVE-2022-3294 | Unspecified vulnerability in Kubernetes | Users may have access to secure endpoints in the control plane network. | network | low complexity | kubernetes | | 8.8 |
| 2022-09-19 | CVE-2022-2995 | Incorrect Permission Assignment for Critical Resource vulnerability in Kubernetes Cri-O 1.25.0 | Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | local | low complexity | kubernetes | CWE-732 | 7.1 |
| 2022-07-12 | CVE-2022-2385 | Unspecified vulnerability in Kubernetes Aws-Iam-Authenticator | A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. | network | low complexity | kubernetes | | 8.8 |
| 2022-06-07 | CVE-2022-1708 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. | network | low complexity | kubernetes fedoraproject redhat | CWE-770 | 7.5 |
| 2022-05-06 | CVE-2021-25745 | Improper Input Validation vulnerability in Kubernetes Ingress-Nginx | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. | network | low complexity | kubernetes | CWE-20 | 8.1 |
| 2022-05-06 | CVE-2021-25746 | Improper Input Validation vulnerability in Kubernetes Ingress-Nginx | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. | network | low complexity | kubernetes | CWE-20 | 7.1 |
| 2022-03-16 | CVE-2022-0811 | Code Injection vulnerability in Kubernetes Cri-O | A flaw was found in CRI-O in the way it set kernel options for a pod. | network | low complexity | kubernetes | CWE-94 | 8.8 |