Lucene search
+L

168 matches found

Cvelist
Cvelist
added 2022/09/07 8:20 a.m.39 views

CVE-2021-36782 Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versio...

9.9CVSS9.4AI score0.03105EPSS
Exploits3References2
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.6 views

Rancher Labs Rancher 信息泄露漏洞

Rancher Labs Rancher is a suite of open source, enterprise-grade container management platforms from Rancher Labs, Inc. in the United States. An information disclosure vulnerability exists in Rancher for SUSE versions 2.5.0 through 2.5.12 and 2.6.0 through 2.6.3, which stems from the explicit...

9.9CVSS8.2AI score0.00671EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/19 12:0 a.m.3 views

CVE-2021-36782

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versio...

9.9CVSS7.2AI score0.03105EPSS
Exploits3References4
OpenVAS
OpenVAS
added 2022/07/31 12:0 a.m.6 views

Fedora: Security Advisory for golang-k8s-code-generator (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/06/16 5:16 p.m.6 views

cri-o: memory exhaustion on the node when access to the kube api

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

7.8CVSS6.6AI score0.02827EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/06/16 10:2 a.m.14 views

cri-o: memory exhaustion on the node when access to the kube api

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

7.8CVSS6.6AI score0.02827EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/06/14 5:38 p.m.11 views

cri-o: memory exhaustion on the node when access to the kube api

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

7.8CVSS6.6AI score0.02827EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/06/13 2:40 p.m.6 views

cri-o: memory exhaustion on the node when access to the kube api

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

7.8CVSS6.6AI score0.02827EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2022/04/01 12:0 a.m.7 views

The vulnerability of the kube-apiserver component, which is part of the Kubernetes cluster management software, allows a attacker to compromise data integrity and cause service failures.

The vulnerability of the kube-apiserver component, which is part of the Kubernetes cluster management software, is related to improper authentication. Exploiting this vulnerability allows a remote attacker to compromise data integrity and cause service failures...

8.5CVSS6.5AI score0.05524EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2022/02/23 9:17 p.m.62 views

GHSA-9CWV-CPPX-MQJM Improper Authentication in Capsule Proxy

Impact Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy. Patches Patch has been merged in the v0.2.1 release. Workaround...

8.8CVSS8.8AI score0.01397EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2022/02/22 7:55 p.m.6 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

8.8CVSS8.9AI score0.01397EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/02/22 12:0 a.m.4 views

capsule-proxy 授权问题漏洞

The capsule-proxy is designed to allow overcoming the limitations of the Kubernetes API Server in listing the cluster-wide resources it owns, such as Namespace, Ingress and Storage Classes, Nodes, and other resources covered by the Capsule. A security vulnerability in capsule-proxy versions prior...

8.8CVSS7.8AI score0.01397EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/02/22 12:0 a.m.2 views

PT-2022-2954 · Unknown · Capsule-Proxy

Name of the Vulnerable Software and Affected Versions: capsule-proxy versions prior to 0.2.1 Description: The issue is related to the capsule-proxy, a reverse proxy for Capsule Operator that provides multi-tenancy in Kubernetes. An attacker with proper authentication may use a malicious Connectio...

9CVSS7.6AI score0.01397EPSS
Exploits1References11
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/04 5:41 p.m.21 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2021-25735)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that could allow node updates to bypass a validating admission webhook CVE-2021-25735 Vulnerability Details CVEID: CVE-2021-25735 Description: Kubernetes kube-apiserver could allow a remote...

6.5CVSS6.8AI score0.05524EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/11 3:44 p.m.37 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes security vulnerability (CVE-2020-8554)

Summary IBM Cloud Kubernetes Service is affected by a Kubernetes security vulnerability that could allow a malicious user to intercept traffic from other pods or nodes in the cluster CVE-2020-8554 Vulnerability Details CVEID: CVE-2020-8554 Description: Kubernetes could allow a remote authenticate...

6.3CVSS0.2AI score0.09274EPSS
Exploits3Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/18 3:42 p.m.46 views

Rancher Vulnerable to Cross-site Request Forgery (CSRF)

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

6.1CVSS6.6AI score0.01099EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/05/18 3:42 p.m.22 views

GHSA-XHG2-RVM8-W2JH Rancher Vulnerable to Cross-site Request Forgery (CSRF)

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

8.7CVSS6.5AI score0.01099EPSS
Exploits0References4
OSV
OSV
added 2021/05/18 3:38 p.m.22 views

GHSA-PMQP-H87C-MR78 XML Entity Expansion and Improper Input Validation in Kubernetes API server

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...

7.5CVSS7.5AI score0.25939EPSS
Exploits2References10
CNNVD
CNNVD
added 2021/03/16 12:0 a.m.17 views

Rohan Kumar kubernetes-client 路径遍历漏洞

Rohan Kumar kubernetes-client is an open source application by Rohan Kumar. Provides smooth DSL access to the full Kubernetes and OpenShift REST APIs. A security vulnerability exists in fabric8 kubernetes-client in version 4.2.0 and after, which stems from the copy command lifting files outside o...

7.4CVSS6.6AI score0.01312EPSS
Exploits0References13
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/11 10:40 a.m.40 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes security vulnerability (CVE-2020-8554)

Summary Red Hat OpenShift on IBM Cloud is affected by a Kubernetes security vulnerability that could allow a malicious user to intercept traffic from other pods or nodes in the cluster CVE-2020-8554 Vulnerability Details CVEID: CVE-2020-8554 Description: Kubernetes could allow a remote...

6.3CVSS0.2AI score0.09274EPSS
Exploits3Affected Software1
Rows per page
Query Builder