682 matches found
CVE-2023-2728
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...
CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
CVE-2023-2728 Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...
CVE-2023-2728 Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...
CVE-2023-2727 Bypassing policies imposed by the ImagePolicyWebhook admission plugin
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
CVE-2023-2727 Bypassing policies imposed by the ImagePolicyWebhook admission plugin
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
Oracle Linux 8 : olcne (ELSA-2023-25546)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-25546 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 7 : olcne (ELSA-2023-25545)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-25545 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 Tenable has extracted the preceding description block directly from the Oracle Linux...
Fedora: Security Advisory for pcs (FEDORA-2023-ae96dd6105)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: pcs-0.11.6-1.fc38
pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters...
CVE-2023-33190 Improperly configured permissions in Sealos
Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control RBAC permissions resulted in an attacker being able to obtain cluster control permissions, which could contr...
Overly Permissive Trust Policies
aws-cdk is vulnerable to Overly Permissive Trust Policies. The vulnerability exists because the library's CreationRole and the default MastersRole use the account root principal in their trust policy, which allows eks.Cluster and eks.FargateCluster construct clusters to create two roles that have...
Privilege Escalation
github.com/stolostron/governance-policy-propagator is vulnerable to Privilege Escalation. In a formed policy, the library makes it possible for dynamically acquired policies to leverage cluster scoped access, enabling a local attacker to access resources from the namespace where the policy was...
PT-2023-25176 · Amazon · @Aws-Cdk/Aws-Eks +2
Name of the Vulnerable Software and Affected Versions: aws-cdk-lib versions 2.0.0 through 2.80.0 @aws-cdk/aws-eks versions 1.57.0 through 1.202.0 Description: The issue concerns the AWS Cloud Development Kit AWS CDK, an open-source software development framework. In the affected packages,...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.13.3 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...
Kubestroyer - Kubernetes Exploitation Tool
Kubestroyer Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests About The Project Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations. The tool is scanning known...
Rancher Labs Rancher 安全漏洞
Rancher Labs Rancher is an open source enterprise container management platform from Rancher Labs, Inc. in the United States. A security vulnerability exists in Rancher Labs Rancher versions 2.6.0 through 2.6.13 and 2.7.0 through 2.7.4, which stems from improper privilege management in SUSE Ranch...
SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2023:2292-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2292-1 advisory. - Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. CVE-2021-25749...
Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
An advanced persistent threat APT actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an...
Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.6 security updates and bug fixes
Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...