305 matches found
GHSA-82HX-W2R5-C2WQ Kubernetes API Server DoS Via API Requests
The Kubernetes API server component in Kubernetes versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...
Access Restriction Bypass in kubernetes
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. Specific Go Packages Affected github.com/kubernetes/kubernetes/pkg/apiserver...
Allocation of Resources Without Limits or Throttling
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...
Portainer code issue vulnerability
A code issue vulnerability exists in Portainer Agent, the lightweight agent that the Portainer management interface uses to manage Docker environments and Docker hosts. It stems from the product's failure to check whether the agent has been associated with a Portainer instance in the recent past. An attacker could exploit the vulnerability to cause the API...
Information Disclosure
github.com/portainer/agent is vulnerable to information disclosure. The API server may continue running even after the associated Portainer instance connection is terminated allowing remote attackers to gain access to sensitive information...
CVE-2022-24961
In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days...
CVE-2022-24961
Portainer Agent (before 2.11.1) contains a vulnerability where the API server can continue running even if not associated with a Portainer instance in the recent days. This issue affects the Portainer Agent and is reflected in CVSS metrics indicating a HIGH to CRITICAL impact (Network, Low attack...
Unverified Ownership in Kubernetes
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
Incorrect Authorization
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
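The two entries above describe the same weakness: any user who can create a Service may set spec.externalIPs (or write status.loadBalancer.ingress) and thereby claim an address that other workloads in the cluster will route to. The check below is an added example written for this page, not Kubernetes project code. It mirrors the intent of the upstream DenyServiceExternalIPs admission plugin (refuse net-new externalIPs, tolerate their removal) and adds an operator allowlist plus a guard on status writes; the sample Service manifests, the AdmissionReview request, the allowlist and the trusted_status_writers set are all constructed assumptions.

```python
"""Admission-style check for Service.spec.externalIPs and status.loadBalancer writes.

Added example, not Kubernetes project code. Sample objects are constructed for
illustration; allowlist and trusted_status_writers are assumed policy inputs.
"""
import ipaddress


def _external_ips(svc):
    """Set of spec.externalIPs on a Service manifest (empty for None or non-Services)."""
    if not svc or svc.get("kind") != "Service":
        return set()
    return set(svc.get("spec", {}).get("externalIPs") or [])


def check_service(new, old=None, allowlist=frozenset(), username=None,
                  trusted_status_writers=frozenset()):
    """Return a list of violation strings; an empty list means the write is allowed.

    new: the object being created or updated; old: the existing object on UPDATE
    (None on CREATE); allowlist: addresses the cluster operator owns; username:
    the requesting user, exempted from the status guard if in trusted_status_writers.
    """
    violations = []
    if new.get("kind") != "Service":
        return violations                      # only Services carry externalIPs
    new_ips = _external_ips(new)
    old_ips = _external_ips(old)
    for ip in sorted(new_ips - old_ips):       # net-new addresses only; removals pass
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            violations.append(f"spec.externalIPs contains invalid IP {ip!r}")
            continue
        if ip not in allowlist:
            violations.append(
                f"spec.externalIPs adds {ip} which is not in the operator allowlist")
    # Second vector from the advisory: writing status.loadBalancer.ingress also
    # claims an address. Only a trusted controller should ever set it, and a
    # production webhook would additionally match the services/status subresource.
    ingress = ((new.get("status") or {}).get("loadBalancer") or {}).get("ingress")
    if ingress and username not in trusted_status_writers:
        violations.append("status.loadBalancer.ingress may only be set by a trusted controller")
    return violations


def admission_response(review, **policy):
    """Build a minimal admission.k8s.io/v1 AdmissionReview response for a request."""
    req = review["request"]
    username = (req.get("userInfo") or {}).get("username")
    violations = check_service(req["object"], req.get("oldObject"), username=username, **policy)
    response = {"uid": req["uid"], "allowed": not violations}
    if violations:
        response["status"] = {"code": 403, "message": "; ".join(violations)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


# Constructed samples: a tenant Service claiming a third-party address (TEST-NET-3),
# the same Service with the claim removed, and a main-resource write carrying status.
ATTACKER_SVC = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "evil", "namespace": "tenant-a"},
    "spec": {"type": "ClusterIP", "ports": [{"port": 443}], "externalIPs": ["203.0.113.10"]},
}
CLEAN_SVC = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "evil", "namespace": "tenant-a"},
    "spec": {"type": "ClusterIP", "ports": [{"port": 443}]},
}
STATUS_WRITE = dict(CLEAN_SVC, status={"loadBalancer": {"ingress": [{"ip": "203.0.113.20"}]}})
SAMPLE_REVIEW = {"request": {"uid": "c1d2", "operation": "CREATE",
                             "userInfo": {"username": "system:serviceaccount:tenant-a:dev"},
                             "object": ATTACKER_SVC}}

if __name__ == "__main__":
    print(admission_response(SAMPLE_REVIEW)["response"])
```

The net-new rule is what makes this safe to roll out on a live cluster: Services that already carry externalIPs keep working, only additions are refused, and operators who genuinely own an address put it in the allowlist. Clusters on releases that ship the DenyServiceExternalIPs plugin should prefer enabling it over a custom webhook.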
Why Security in Kubernetes Isn't the Same as in Linux: Part 2
Security for Kubernetes might not be quite the same as what you're used to. In our previous article, we covered why security is so important in both Linux on-premises servers and cloud Kubernetes clusters. We also talked about 3 major aspects of Linux server security — processes, network, and fil...
CVE-2020-8562 Bypass of Kubernetes API Server proxy TOCTOU
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...
GHSA-RF3M-MHV7-X39F Denial of Service in OpenShift Origin
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data...
Denial of Service in OpenShift Origin
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data...
GHSA-WXC4-F4M6-WWQV Excessive Platform Resource Consumption within a Loop in Kubernetes
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
Excessive Platform Resource Consumption within a Loop in Kubernetes
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2021-25737)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that could allow a user to redirect pod traffic to private networks on a node CVE-2021-25737. Vulnerability Details CVEID: CVE-2021-25737 Description: Kubernetes could allow a remote...
In0ri - Defacement Detection With Deep Learning
In0ri is a defacement detection system utilizing an image-classification convolutional neural network. Introduction When monitoring a website, In0ri will periodically take a screenshot of the website then put it through a preprocessor that will resize the image down to 250x250px and numericalize t...
XML Entity Expansion and Improper Input Validation in Kubernetes API server
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
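The YAML CPU-exhaustion entries and the YAML/JSON entry above share a mechanism: aliases that reference anchors which themselves contain aliases expand geometrically (the "billion laughs" pattern), and deeply nested arrays or objects drive a recursive decoder to exhaustion. The code below is an added example written for this page, not Kubernetes or go-yaml code. It models alias expansion on a simplified YAML-like structure so the growth is visible, bounds it before any real expansion happens, and adds a bracket-depth pre-check for JSON text; the numeric limits are assumptions chosen for the demonstration, not the values any particular release uses.

```python
"""Bounded expansion checks for YAML aliases and JSON nesting.

Added example, not Kubernetes project code. Documents are modelled as plain Python
values where ("*", name) stands for a YAML alias to the anchor `name`. Limits are
illustrative assumptions.
"""


class ExpansionLimitExceeded(Exception):
    """Raised as soon as a document would expand past the configured bound."""


def expanded_node_count(doc, anchors, limit):
    """Count the nodes `doc` occupies once every alias is resolved, capped at `limit`.

    doc: scalar, list, dict, or ("*", name) alias tuple; anchors: name -> anchored
    value (which may itself contain aliases). Each anchor is walked once and its
    size memoised, so a malicious document is rejected in work proportional to
    the number of anchors and their fan-out rather than to the expanded size.
    """
    counted = {"n": 0}  # running total shared across the recursion
    memo = {}           # anchor name -> expanded size once known

    def charge(k):
        counted["n"] += k
        if counted["n"] > limit:
            raise ExpansionLimitExceeded(f"expansion exceeds {limit} nodes")

    def visit(node, resolving):
        if isinstance(node, tuple) and node and node[0] == "*":
            name = node[1]
            if name in resolving:
                raise ValueError(f"alias cycle through &{name}")
            if name not in anchors:
                raise ValueError(f"unknown anchor &{name}")
            if name in memo:
                charge(memo[name])            # each further use costs a full copy
            else:
                before = counted["n"]
                visit(anchors[name], resolving | {name})
                memo[name] = counted["n"] - before
            return
        charge(1)
        if isinstance(node, dict):
            children = node.values()
        elif isinstance(node, list):
            children = node
        else:
            children = ()
        for child in children:
            visit(child, resolving)

    visit(doc, frozenset())
    return counted["n"]


def billion_laughs(levels, fanout=9):
    """Construct the classic bomb: level i is a list of `fanout` aliases to level i-1."""
    anchors = {"lvl0": ["lol"] * fanout}
    for i in range(1, levels):
        anchors[f"lvl{i}"] = [("*", f"lvl{i - 1}")] * fanout
    return {"bomb": ("*", f"lvl{levels - 1}")}, anchors


def max_bracket_depth(text, limit):
    """Deepest []/{} nesting in JSON text, ignoring brackets inside string literals.

    Runs in one linear pass before the real decoder is invoked and raises once
    the depth passes `limit`, so a 100 KB '[[[[...' payload never reaches a
    recursive parser.
    """
    depth = peak = 0
    in_str = escape = False
    for ch in text:
        if in_str:
            if escape:
                escape = False
            elif ch == "\\":
                escape = True
            elif ch == '"':
                in_str = False
            continue
        if ch == '"':
            in_str = True
        elif ch in "[{":
            depth += 1
            if depth > limit:
                raise ExpansionLimitExceeded(f"nesting exceeds {limit} levels")
            peak = max(peak, depth)
        elif ch in "]}":
            depth -= 1
    return peak


if __name__ == "__main__":
    doc, anchors = billion_laughs(3)
    print("3 levels expand to", expanded_node_count(doc, anchors, 10_000), "nodes")
```

With fanout 9 the expanded size of level n is 1 + 9 times the size of level n-1 (10, 91, 820, 7381, ...), so a handful of levels already exceeds any sane budget; the memoised counter notices this after visiting each anchor once, which is the property a parser-level fix needs: reject on the bound, never on the symptom.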