166 matches found
Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update
The Migration Toolkit for Containers MTC 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Bare Metal Operator 信息泄露漏洞
Bare Metal Operator is an open source application from Metal³ that uses the Kubernetes API to manage bare metal hosts. An information disclosure vulnerability exists in Bare Metal Operator versions prior to 0.3.0, which stems from the presence of plaintext username and hashed password disclosure...
SUSE CVE-2022-3294
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...
SUSE CVE-2018-1002102
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...
SUSE CVE-2018-1002105
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary reques...
SUSE CVE-2019-11254
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
SUSE CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
SUSE CVE-2022-1708
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF)
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties...
Virtuozzo Hybrid Infrastructure 5.3 Update 1 (5.3.1-38)
This update provides new features for security, monitoring, and the compute service, as well as bug fixes and improvements. Vulnerability id: VSTOR-60452 It is impossible to start a cluster update after an eligibility check failure. Vulnerability id: VSTOR-60459 A stability fix for Windows...
cri-o: memory exhaustion on the node when access to the kube api
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
cri-o: memory exhaustion on the node when access to the kube api
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...
kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF)
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties...
Information Disclosure
Rancher is vulnerable to information disclosure. Confidential information such as passwords and API keys are stored in kubernetes objects using plaintext which allows an attacker with read permission to retrieve plaintext passwords using the Kubernetes API...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a CRI-O security vulnerability (CVE-2022-1708)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kubernetes API. Vulnerability Details CVEID: CVE-2022-1708 Description: A vulnerability was found in CRI-O that causes memo...
PT-2022-20897 · Kubernetes +1 · Kube-Apiserver +2
Name of the Vulnerable Software and Affected Versions: kube-apiserver affected versions not specified Description: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected...
CVE-2021-36782
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versio...
Information disclosure
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versio...
CVE-2021-36782
CVE-2021-36782 concerns SUSE Rancher where sensitive fields, such as passwords, API keys and service account tokens, were stored in plaintext on Kubernetes objects (e.g., cluster.management.cattle.io) and exposed to authenticated users with cluster/project roles via the Kubernetes API. Affected R...
CVE-2021-36782 Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versio...