144 matches found
SUSE SLES15: kubernetes1.24-apiserver / kubernetes1.24-client / etc (SUSE-SU-2023:2544-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2544-1 advisory. - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin bsc1211630. -...
SUSE SLES15: kubernetes1.23-apiserver / kubernetes1.23-client / etc (SUSE-SU-2023:2543-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2543-1 advisory. - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin bsc1211630. -...
SUSE-SU-2023:2544-1 Security update for kubernetes1.24
This update for kubernetes1.24 fixes the following issues: - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin bsc1211630. - CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin bsc1211631...
SUSE-SU-2023:2543-1 Security update for kubernetes1.23
This update for kubernetes1.23 fixes the following issues: - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin bsc1211630. - CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin bsc1211631...
SUSE-SU-2023:2541-1 Security update for kubernetes1.18
This update for kubernetes1.18 fixes the following issues: - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin bsc1211630. - CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin bsc1211631...
SUSE SLES15 / openSUSE 15 Security Update : kubernetes1.18 (SUSE-SU-2023:2541-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2541-1 advisory. - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin bsc1211630. -...
CVE-2023-2728
A flaw was found in Kubernetes, where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures that pods running with a service account may only reference secrets specified i...
PT-2023-21049 · Unknown +3 · Kubernetes +2
Name of the Vulnerable Software and Affected Versions: Kubernetes affected versions not specified Description: The issue allows users to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. This policy ensures...
Privilege Escalation
github.com/kubewarden/kubewarden-controller is vulnerable to Privilege Escalation. A remote authenticated attacker is able to read arbitrary secrets if they get access to the ServiceAccount of the kubewarden-controller which results in the exfiltration of all secret tokens in the cluster...
Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining
A large-scale attack campaign discovered in the wild has been exploiting Kubernetes K8s Role-Based Access Control RBAC to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm...
Privilege escalation
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0...
CVE-2023-22645
CVE-2023-22645 (SUSE kubewarden): An improper privilege management flaw in the kubewarden-controller allows an attacker with access to the controller’s ServiceAccount to read arbitrary secrets, potentially exfiltrating secret tokens from the cluster. Affected product/component: SUSE kubewarden ku...
CVE-2023-22645 kubewarden: Excessive permissions for kubewarden-controller-manager-cluster-role
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0...
SUSE CVE-2023-22645
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0...
GHSA-X45C-CVP8-Q4FM Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace
Capsule implements a multi-tenant and policy-based environment in a Kubernetes cluster. A ServiceAccount deployed in a Tenant Namespace, when granted with PATCH capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operato...
Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace
Capsule implements a multi-tenant and policy-based environment in a Kubernetes cluster. A ServiceAccount deployed in a Tenant Namespace, when granted with PATCH capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule Operato...
CVE-2022-46167
Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with PATCH capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule...
Design/Logic Flaw
Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with PATCH capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule...
CVE-2022-46167 Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace
Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with PATCH capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule...
CVE-2022-46167 Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace
Capsule is a multi-tenancy and policy-based framework for Kubernetes. Prior to version 0.1.3, a ServiceAccount deployed in a Tenant Namespace, when granted with PATCH capabilities on its own Namespace, is able to edit it and remove the Owner Reference, breaking the reconciliation of the Capsule...