Vulnerabilities > Kubernetes > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-05 CVE-2018-1002103 Cross-Site Request Forgery (CSRF) vulnerability in Kubernetes Minikube
In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000.
network
low complexity
kubernetes CWE-352
8.8
2018-09-10 CVE-2016-7075 It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields.
network
high complexity
kubernetes redhat
8.1
2018-05-18 CVE-2018-1000400 Improper Privilege Management vulnerability in Kubernetes Cri-O
Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have.
network
low complexity
kubernetes CWE-269
8.8
2016-02-03 CVE-2016-1905 Improper Access Control vulnerability in Kubernetes
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
network
low complexity
kubernetes CWE-284
7.7