15 matches found
When Cloud Outages Ripple Across the Internet
Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have disrupted large parts of the internet, taking down websites and services that many other systems depend on. The resulting ripple effects have halted...
[SECURITY] Fedora 41 Update: kubernetes1.34-1.34.2-1.fc41
Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...
[SECURITY] Fedora 43 Update: kubernetes1.34-1.34.2-1.fc43
Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...
[SECURITY] Fedora 43 Update: kubernetes1.31-1.31.14-1.fc43
Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...
[SECURITY] Fedora 42 Update: kubernetes1.31-1.31.14-1.fc42
Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...
[SECURITY] Fedora 41 Update: kubernetes1.33-1.33.4-1.fc41
Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...
CVE-2024-42480 Kamaji's RBAC Roles for `etcd` are not disjunct
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed i...
PT-2024-29977 · Etcd +2 · Etcd +2
Name of the Vulnerable Software and Affected Versions: Kamaji versions 1.0.0 and earlier Description: The issue arises from Kamaji using an "open at the top" range definition in RBAC for etcd roles, allowing some TCPs API servers to read, write, and delete the data of other control planes. This c...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2023-5408)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that may allow an attacker to modify restricted node labels and bypass the node restriction admission plugin CVE-2023-5408. Vulnerability Details CVEID: CVE-2023-5408 Description: OpenShift...
CVE-2023-38495
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...
Code injection
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...
CVE-2023-38495
Crossplane versions prior to 1.11.5, 1.12.3, and 1.13.0 have a flaw in the image backend where the byte contents of packages are not validated, allowing tampering to go undetected. The vulnerability is fixed in 1.11.5, 1.12.3, and 1.13.0. Workarounds include using images from trusted sources and ...
CVE-2023-38495 Crossplane vulnerable to possible image tampering from missing image validation for Packages
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...
CVE-2023-37900
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting i...
CVE-2023-37900 Crossplane vulnerable to denial of service from large image
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting i...