Vulnerabilities > Kubernetes > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-01 CVE-2019-1002100 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g.
network
low complexity
kubernetes redhat CWE-770
6.5
2018-06-02 CVE-2018-1002100 Improper Input Validation vulnerability in Kubernetes
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
local
low complexity
kubernetes CWE-20
5.5
2018-03-13 CVE-2017-1002102 Unspecified vulnerability in Kubernetes
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
local
high complexity
kubernetes
5.6
2017-09-14 CVE-2017-1002100 Information Exposure vulnerability in Kubernetes
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet.
network
low complexity
kubernetes CWE-200
6.5
2016-04-11 CVE-2015-7528 Information Exposure vulnerability in multiple products
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
network
low complexity
kubernetes redhat CWE-200
5.3