1102 matches found
SUSE CVE-2021-3493
The overlayfs implementation in the Linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...
SUSE CVE-2022-1055
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5...
SUSE CVE-2022-2837
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD...
SUSE CVE-2022-24122
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace...
SUSE CVE-2022-32250
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user able to create user/net namespaces to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free...
CVE-2023-23455
A denial of service flaw was found in atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel. This issue may allow a local attacker to cause a denial of service due to type confusion. Non-negative numbers could indicate a TC_ACT_SHOT condition rather than valid classification results. Mitigation: Th...
CVE-2022-47929
A NULL pointer dereference flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux kernel. This issue may allow a local unprivileged user to trigger a denial of service if the alloc_workqueue function return is not validated in time of failure, resulting in a system crash or leaked interna...
Authorization
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed...
CVE-2023-22736 argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed...
CVE-2023-22736
A flaw was found in Red Hat GitOps, which is vulnerable to an authorization bypass in ArgoCD. This flaw allows users to deploy applications outside the allowed namespaces. The issue happens due to a logic error when interpreting the comma-separated namespaces list. To complete the attack, the...
PT-2023-1338
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.5.0-rc1 through 2.5.7; Argo CD version 2.6.0-rc4. Description: The issue is related to an authorization bypass bug in Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. This bug allows a malicious Argo CD...
Enhancing Kubernetes security with user namespaces
Learn how to improve cluster security with user namespaces, a new feature introduced in Kubernetes v1.25...
Popeye - A Kubernetes Cluster Resource Sanitizer
Popeye is a utility that scans a live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what's deployed and not what's sitting on disk. By scanning your cluster, it detects...
CVE-2023-0179
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Mitigation: This flaw can be mitigated by...
Prototype Pollution
nodebb is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the Namespaces attribute in the index.js and modify attributes such as `__proto__`, `constructor`, and `prototype`...
Capsule Console security vulnerability
Capsule Console is a web interface for Capsule8 from Capsule USA, Inc. for event management, sensor configuration, and system analysis. A security vulnerability exists in versions of Capsule prior to 0.1.3, which stems from the fact that an attacker can detach namespaces from tenants that are...
kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c
A use-after-free vulnerability was found in the tc_new_tfilter function in net/sched/cls_api.c in the Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation...
VulnCheck KEV: CVE-2021-3493
The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation...
Linux Kernel Privilege Escalation Vulnerability
The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation...