Vulnerabilities > Kubernetes > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-03 | CVE-2019-11251 | Link Following vulnerability in Kubernetes The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. | 5.7 |
2020-01-14 | CVE-2018-1002104 | Improper Input Validation vulnerability in Kubernetes Nginx Ingress Controller Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. | 5.3 |
2019-12-05 | CVE-2019-11255 | Improper Input Validation vulnerability in multiple products Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. | 6.5 |
2019-11-25 | CVE-2019-14891 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. | 5.0 |
2019-11-05 | CVE-2019-10223 | Information Exposure vulnerability in multiple products A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. | 6.5 |
2019-08-29 | CVE-2019-11250 | Information Exposure Through Log Files vulnerability in multiple products The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. | 6.5 |
2019-08-29 | CVE-2019-11249 | Path Traversal vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. | 6.5 |
2019-08-29 | CVE-2019-11246 | Path Traversal vulnerability in Kubernetes The kubectl cp command allows copying files between containers and the user machine. | 6.5 |
2019-04-22 | CVE-2019-11244 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). | 5.0 |
2019-04-01 | CVE-2019-1002101 | Link Following vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. | 5.5 |