Vulnerabilities > Kubernetes > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-03 CVE-2019-11251 Link Following vulnerability in Kubernetes
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation.
network
low complexity
kubernetes CWE-59
5.7
2020-01-14 CVE-2018-1002104 Improper Input Validation vulnerability in Kubernetes Nginx Ingress Controller
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
network
low complexity
kubernetes CWE-20
5.3
2019-12-05 CVE-2019-11255 Improper Input Validation vulnerability in multiple products
Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations.
network
low complexity
kubernetes redhat CWE-20
6.5
2019-11-25 CVE-2019-14891 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup.
network
high complexity
kubernetes fedoraproject redhat CWE-754
5.0
2019-11-05 CVE-2019-10223 Information Exposure vulnerability in multiple products
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1.
network
low complexity
kubernetes redhat CWE-200
6.5
2019-08-29 CVE-2019-11250 Information Exposure Through Log Files vulnerability in multiple products
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher.
network
low complexity
kubernetes redhat CWE-532
6.5
2019-08-29 CVE-2019-11249 Path Traversal vulnerability in multiple products
The kubectl cp command allows copying files between containers and the user machine.
network
low complexity
kubernetes redhat CWE-22
6.5
2019-08-29 CVE-2019-11246 Path Traversal vulnerability in Kubernetes
The kubectl cp command allows copying files between containers and the user machine.
network
low complexity
kubernetes CWE-22
6.5
2019-04-22 CVE-2019-11244 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-).
local
low complexity
kubernetes netapp redhat CWE-732
5.0
2019-04-01 CVE-2019-1002101 Link Following vulnerability in multiple products
The kubectl cp command allows copying files between containers and the user machine.
local
low complexity
kubernetes redhat CWE-59
5.5