Vulnerabilities > Kubernetes > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-05 | CVE-2018-1002103 | Cross-Site Request Forgery (CSRF) vulnerability in Kubernetes Minikube In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. | 8.8 |
2018-09-10 | CVE-2016-7075 | It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. | 8.1 |
2018-05-18 | CVE-2018-1000400 | Improper Privilege Management vulnerability in Kubernetes Cri-O Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. | 8.8 |
2016-02-03 | CVE-2016-1905 | Improper Access Control vulnerability in Kubernetes The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | 7.7 |