Lucene search
K

67 matches found

RedHat Linux
RedHat Linux
added 2019/08/15 1:28 p.m.5 views

kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

8.1CVSS7.3AI score0.02092EPSS
Exploits0References5
NVD
NVD
added 2019/07/30 11:15 p.m.35 views

CVE-2019-10165

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources...

2.3CVSS3.7AI score0.00384EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/03 10:55 p.m.38 views

Security Bulletin: API Connect V2018 is impacted by vulnerability in the Kubernetes API server (CVE-2019-1002100)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-1002100 DESCRIPTION: The Kubernetes API server is vulnerable to a denial of service. By sending a specially crafted patch of type "json-patch" requests, a remote authenticated attacker could...

6.5CVSS1.5AI score0.10606EPSS
Exploits0Affected Software1
Cloud Foundry
Cloud Foundry
added 2019/01/08 12:0 a.m.33 views

Kubernetes API Server acts as proxy for internal and external IPs | Cloud Foundry

Severity Unspecified Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Cloud Foundry Container Runtime CFCR All versions prior to v0.26.0 Description Kubernetes API, versions 1.11.x prior to 1.11.6, 1.12.x prior to 1.12.4, contains an improper proxy. A remote...

6.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/12/06 4:25 p.m.32 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in Kubernetes API server

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in Kubernetes which in some cases can allow unauthorized access to the Kubernetes API Server and/or trusted user privilege escalation. Vulnerability Details CVEID: CVE-2018-1002105 DESCRIPTION: Kubernetes could allow a...

9.8CVSS0.7AI score0.86978EPSS
Exploits10Affected Software1
RedHat Linux
RedHat Linux
added 2016/03/03 4:22 p.m.6 views

server: build config to a strategy that isn't allowed by policy

An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build-configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the buil...

10CVSS7.4AI score0.04843EPSS
Exploits0References4
Cvelist
Cvelist
added 1976/01/01 12:0 a.m.10 views

CVE-2019-11799

...

Exploits0
Rows per page
Query Builder