547 matches found
Allocation of Resources Without Limits or Throttling
The Kubernetes API server component has been found to be vulnerable to a denial of service attack via successful API requests...
CVE-2020-8552
A denial of service vulnerability was found in the Kubernetes API server. This flaw allows a remote attacker to send repeated, crafted HTTP requests to exhaust available memory and cause a crash. Mitigation: Prevent unauthenticated or unauthorized access to all APIs...
PT-2020-20204
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.15.9; Kubernetes versions 1.16.0 through 1.16.6; Kubernetes versions 1.17.0 through 1.17.2. Description: The Kubernetes API server component has been found to be vulnerable to a denial of service attack via...
CVE-2019-19335
During installation of an OpenShift 4 cluster, the openshift-install command line tool creates an auth directory, with kubeconfig and kubeadmin-password files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions...
Razer: RXSS at https://api.easy2pay.co/inquiry.php via txid parameter.
The tester discovered a reflected XSS on an API server related to Razer Pay TH. Note this is not a site that users will typically visit via a web browser front end. Razer thanks the tester for his diligence and the clear report...
Fedora 31 : kubernetes (2020-943f4b03d2)
Update to v1.15.7. CVE-2018-1002102 kubernetes: improper validation of URL redirection in the Kubernetes API server allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints. Note that Tenable Network Security has extracted the preceding description block direct...
Kubernetes API Server Denial Of Service (CVE-2019-11253)
A denial-of-service vulnerability exists in Kubernetes API Server. An attacker can exploit this issue by sending a maliciously crafted JSON or YAML file causing the API server to consume excessive CPU or memory. A successful attack can cause the service to crash leading to a denial of service...
CVE-2018-1002102
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...
Input validation
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...
CVE-2018-1002102
CVE-2018-1002102 involves improper validation of URL redirection in the Kubernetes API server before v1.14.0. An attacker-controlled Kubelet could cause the API server to redirect streaming endpoint requests to arbitrary hosts, and the API server would follow the redirect as a GET with client-cer...
CVE-2018-1002102 Kubernetes API server follows unvalidated redirects from streaming Kubelet endpoints
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...
kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service
A flaw was found in kubernetes. The parsing of YAML manifests by the Kubernetes API server could lead to a denial-of-service attack, leaving it vulnerable to an instance of a "billion laughs" attack. The highest threat from this vulnerability is to system availability...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes security vulnerability (CVE-2019-11247)
Summary: Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that allows access to custom resources via the wrong scope (CVE-2019-11247). Vulnerability Details: CVE-ID: CVE-2019-11247. Description: Kubernetes could allow a remote authenticated attacker to gain...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2019-11253)
Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that exposes it to a denial of service attack via malicious YAML or JSON payloads (CVE-2019-11253). Vulnerability Details: CVE-ID: CVE-2019-11253. Description: The Kubernetes API server is...
kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...