CVE-2020-8552

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...

CVE-2020-8552

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...

CVE-2020-8552

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...

Design/Logic Flaw

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...

CVE-2020-8552

CVE-2020-8552 affects Kubernetes API server. The vulnerability is a denial-of-service caused by insecure handling of API requests. Affected versions are Kubernetes API server in: prior to 1.15.9, 1.16.0–1.16.6, and 1.17.0–1.17.2. Impact per the entry is partial availability loss (DoS) due to succ...

CVE-2020-8552 Kubernetes API server denial of service

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...

CVE-2020-8552

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...

Allocation of Resources Without Limits or Throttling

The Kubernetes API server component has been found to be vulnerable to a denial of service attack via successful API requests...

CVE-2020-8552

A denial of service vulnerability was found in the Kubernetes API server. This flaw allows a remote attacker to send repeated, crafted HTTP requests to exhaust available memory and cause a crash. Mitigation Prevent unauthenticated or unauthorized access to all APIs...

CVE-2019-19335

During installation of an OpenShift 4 cluster, the openshift-install command line tool creates an auth directory, with kubeconfig and kubeadmin-password files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions...

CVE-2019-19335

During installation of an OpenShift 4 cluster, the openshift-install command line tool creates an auth directory, with kubeconfig and kubeadmin-password files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions...

Razer: RXSS at https://api.easy2pay.co/inquiry.php via txid parameter.

The tester discovered a reflected XSS on an API server related to Razer Pay TH. Note this is not a site that users will typically visit via a web browser front end. Razer thanks the tester for his diligence and the clear report...

Fedora 31 : kubernetes (2020-943f4b03d2)

Update to v1.15.7 CVE-2018-1002102 kubernetes: improper validation of URL redirection in the Kubernetes API server allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints Note that Tenable Network Security has extracted the preceding description block direct...

Kubernetes API Server Denial Of Service (CVE-2019-11253)

A denial-of-service vulnerability exists in Kubernetes API Server. An attacker can exploit this issue by sending a maliciously crafted JSON or YAML file causing the API server to consume excessive CPU or memory. A successful attack can cause the service to crash leading to a denial of service...

CVE-2018-1002102

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...

CVE-2018-1002102

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...

CVE-2018-1002102

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...

Input validation

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...

CVE-2018-1002102 Kubernetes API server follows unvalidated redirects from streaming Kubelet endpoints

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...

CVE-2018-1002102

CVE-2018-1002102 involves improper validation of URL redirection in the Kubernetes API server before v1.14.0. An attacker-controlled Kubelet could cause the API server to redirect streaming endpoint requests to arbitrary hosts, and the API server would follow the redirect as a GET with client-cer...