Lucene search
K

137 matches found

Cvelist
Cvelist
added 2023/06/29 5:27 p.m.27 views

CVE-2023-33190 Improperly configured permissions in Sealos

Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control RBAC permissions resulted in an attacker being able to obtain cluster control permissions, which could contr...

9.9CVSS9.6AI score0.00706EPSS
Exploits0References2
Kitploit
Kitploit
added 2023/06/06 12:30 p.m.23 views

Kubestroyer - Kubernetes Exploitation Tool

Kubestroyer Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests About The Project Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations. The tool is scanning known...

7.4AI score
Exploits0References4
CNNVD
CNNVD
added 2023/06/01 12:0 a.m.17 views

Rancher Labs Rancher 安全漏洞

Rancher Labs Rancher is an open source enterprise container management platform from Rancher Labs, Inc. in the United States. A security vulnerability exists in Rancher Labs Rancher versions 2.6.0 through 2.6.13 and 2.7.0 through 2.7.4, which stems from improper privilege management in SUSE Ranch...

9.9CVSS8.1AI score0.00715EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/05/26 12:0 a.m.27 views

SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2023:2292-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2292-1 advisory. - add kubernetes1.18-client-common as conflicts with kubernetes-client-bash-completion - Split individual completions into separate...

8.8CVSS6.7AI score0.01618EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/04/24 3:34 p.m.16 views

CVE-2023-30622 Clusternet has potential risk which can be leveraged to make a cluster-level privilege escalation

Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called cluster-hub inside the clusternet-syste...

6.7CVSS7.2AI score0.00193EPSS
Exploits0References2
NVD
NVD
added 2023/03/22 7:15 p.m.35 views

CVE-2023-28114

cilium-cli is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2,cilium-cli, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the etcd store used to mirror local cluster...

4.8CVSS4.9AI score0.00192EPSS
Exploits0References4
CVE
CVE
added 2023/03/22 6:30 p.m.64 views

CVE-2023-28114

CVE-2023-28114 affects the cilium-cli tool (pre-0.13.2). An incorrect mount point specification can cause the initContainer configuration that manages etcd users/permissions to be overwritten when configuring a clustermesh, potentially removing authorization enforcement on the etcd store used for...

4.8CVSS4.4AI score0.00192EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2023/03/15 10:11 a.m.77 views

New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining

Cybersecurity researchers have discovered the first-ever illicit cryptocurrency mining campaign used to mint Dero since the start of February 2023. "The novel Dero cryptojacking operation concentrates on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening ...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/15 10:11 a.m.2 views

New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining

Cybersecurity researchers have discovered the first-ever illicit cryptocurrency mining campaign used to mint Dero since the start of February 2023. "The novel Dero cryptojacking operation concentrates on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening ...

6.9AI score
Exploits0
Prion
Prion
added 2023/03/01 7:15 p.m.16 views

Input validation

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

6.5CVSS8.4AI score0.01618EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/03/01 12:0 a.m.37 views

CVE-2022-3294 Node address isn't always verified when proxying

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

6.6CVSS8.8AI score0.01618EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/03/01 12:0 a.m.63 views

CVE-2022-3294

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

8.8CVSS8.7AI score0.01618EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/02/15 9:46 p.m.50 views

Moderate: Red Hat Security Advisory: RHSA: Submariner 0.13.3 - security updates and bug fixes

Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVS...

7.5CVSS6.7AI score0.01428EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.5 views

SUSE CVE-2020-10749

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle MitM attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or...

6CVSS8.2AI score0.02428EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2023/02/07 5:23 p.m.47 views

Moderate: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS...

7.5CVSS8.2AI score0.05623EPSS
Exploits1References50
Veracode
Veracode
added 2023/02/02 3:4 a.m.30 views

Information Disclosure

github.com/rancher/rancher is vulnerable to Information Disclosure. The vulnerability exists because the library stores sensitive plaintext information directly on Kubernetes Cluster objects , which allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to gain...

9.9CVSS8.3AI score0.00553EPSS
Exploits1References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/11/29 12:0 a.m.42 views

Oracle Linux 7 : kubernetes (ELSA-2022-10035)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10035 advisory. - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23 - Resolve...

10CVSS6.9AI score0.02701EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/10/11 7:15 p.m.3 views

CVE-2022-37968

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, becaus...

10CVSS5.8AI score0.02591EPSS
Exploits0References3Affected Software5
NVD
NVD
added 2022/10/11 7:15 p.m.50 views

CVE-2022-37968

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, becaus...

10CVSS0.02591EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/09/06 1:0 p.m.37 views

Moderate: Red Hat Security Advisory: RHSA: Submariner 0.13 - security and enhancement update

Submariner 0.13 packages that fix security issues and bugs, as well as adds various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit...

7.5CVSS6.9AI score0.01875EPSS
Exploits4References12
Rows per page
Query Builder