168 matches found
CVE-2021-36782 Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versio...
Rancher Labs Rancher 信息泄露漏洞
Rancher Labs Rancher is a suite of open source, enterprise-grade container management platforms from Rancher Labs, Inc. in the United States. An information disclosure vulnerability exists in Rancher for SUSE versions 2.5.0 through 2.5.12 and 2.6.0 through 2.6.3, which stems from the explicit...
CVE-2021-36782
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versio...
Fedora: Security Advisory for golang-k8s-code-generator (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
cri-o: memory exhaustion on the node when access to the kube api
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
cri-o: memory exhaustion on the node when access to the kube api
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
cri-o: memory exhaustion on the node when access to the kube api
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
cri-o: memory exhaustion on the node when access to the kube api
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
The vulnerability of the kube-apiserver component, which is part of the Kubernetes cluster management software, allows a attacker to compromise data integrity and cause service failures.
The vulnerability of the kube-apiserver component, which is part of the Kubernetes cluster management software, is related to improper authentication. Exploiting this vulnerability allows a remote attacker to compromise data integrity and cause service failures...
GHSA-9CWV-CPPX-MQJM Improper Authentication in Capsule Proxy
Impact Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy. Patches Patch has been merged in the v0.2.1 release. Workaround...
CVE-2022-23652 Privilege escalation using hop-by-hop Connection header
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...
capsule-proxy 授权问题漏洞
The capsule-proxy is designed to allow overcoming the limitations of the Kubernetes API Server in listing the cluster-wide resources it owns, such as Namespace, Ingress and Storage Classes, Nodes, and other resources covered by the Capsule. A security vulnerability in capsule-proxy versions prior...
PT-2022-2954 · Unknown · Capsule-Proxy
Name of the Vulnerable Software and Affected Versions: capsule-proxy versions prior to 0.2.1 Description: The issue is related to the capsule-proxy, a reverse proxy for Capsule Operator that provides multi-tenancy in Kubernetes. An attacker with proper authentication may use a malicious Connectio...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2021-25735)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that could allow node updates to bypass a validating admission webhook CVE-2021-25735 Vulnerability Details CVEID: CVE-2021-25735 Description: Kubernetes kube-apiserver could allow a remote...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes security vulnerability (CVE-2020-8554)
Summary IBM Cloud Kubernetes Service is affected by a Kubernetes security vulnerability that could allow a malicious user to intercept traffic from other pods or nodes in the cluster CVE-2020-8554 Vulnerability Details CVEID: CVE-2020-8554 Description: Kubernetes could allow a remote authenticate...
Rancher Vulnerable to Cross-site Request Forgery (CSRF)
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...
GHSA-XHG2-RVM8-W2JH Rancher Vulnerable to Cross-site Request Forgery (CSRF)
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...
GHSA-PMQP-H87C-MR78 XML Entity Expansion and Improper Input Validation in Kubernetes API server
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
Rohan Kumar kubernetes-client 路径遍历漏洞
Rohan Kumar kubernetes-client is an open source application by Rohan Kumar. Provides smooth DSL access to the full Kubernetes and OpenShift REST APIs. A security vulnerability exists in fabric8 kubernetes-client in version 4.2.0 and after, which stems from the copy command lifting files outside o...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes security vulnerability (CVE-2020-8554)
Summary Red Hat OpenShift on IBM Cloud is affected by a Kubernetes security vulnerability that could allow a malicious user to intercept traffic from other pods or nodes in the cluster CVE-2020-8554 Vulnerability Details CVEID: CVE-2020-8554 Description: Kubernetes could allow a remote...