5 matches found
GHSA-Q6H5-Q3Q6-F87X CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation
Impact Users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, which enables hijacking traffic to Services in any namespace, bypassing the namespace-scoping guarantees enforced by serviceMatcher. In addition, deleting such a policy can...
WordPress Mail Mint plugin <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload vulnerability
Authenticated Admin+ Arbitrary File Upload vulnerability discovered by vodanh in WordPress Plugin Mail Mint versions = 1.18.10...
DEBIAN-CVE-2020-8564
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...
PT-2020-20210 · Linux Foundation +2 · Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.19.3 Kubernetes versions prior to 1.18.10 Kubernetes versions prior to 1.17.13 Description: The issue arises when a Kubernetes cluster uses a logging level of at least 4 and encounters a malformed docker config...
PT-2020-20211
Name of the Vulnerable Software and Affected Versions Kubernetes versions prior to v1.20.0-alpha2 Kubernetes versions 1.19.3 and earlier Kubernetes versions 1.18.10 and earlier Kubernetes versions 1.17.13 and earlier Description In Kubernetes, if the logging level is set to at least 9,...