Vulnerabilities > Kubernetes > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-24 | CVE-2023-1260 | An authentication bypass vulnerability was discovered in kube-apiserver. | 8.0 |
2023-05-24 | CVE-2021-25749 | Unspecified vulnerability in Kubernetes. Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | 7.8 |
2023-05-24 | CVE-2023-1944 | Use of Hard-coded Credentials vulnerability in Kubernetes Minikube. This vulnerability enables ssh access to minikube container using a default password. | 7.8 |
2023-03-01 | CVE-2022-3294 | Unspecified vulnerability in Kubernetes. Users may have access to secure endpoints in the control plane network. | 8.8 |
2022-09-19 | CVE-2022-2995 | Incorrect Permission Assignment for Critical Resource vulnerability in Kubernetes Cri-O 1.25.0. Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container. | 7.1 |
2022-07-12 | CVE-2022-2385 | Unspecified vulnerability in Kubernetes Aws-Iam-Authenticator. A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. | 8.8 |
2022-06-07 | CVE-2022-1708 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. | 7.5 |
2022-05-06 | CVE-2021-25745 | Improper Input Validation vulnerability in Kubernetes Ingress-Nginx. A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. | 8.1 |
2022-05-06 | CVE-2021-25746 | Improper Input Validation vulnerability in Kubernetes Ingress-Nginx. A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use `.metadata.annotations` in an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. | 7.1 |
2022-03-16 | CVE-2022-0811 | Code Injection vulnerability in Kubernetes Cri-O. A flaw was found in CRI-O in the way it set kernel options for a pod. | 8.8 |