52 matches found
EUVD-2023-2032
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-2728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers...
SUSE CVE-2023-2728
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account's secrets field...
OESA-2024-1577 kubernetes security update
Container cluster management. Security Fixes: A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with t...
OESA-2024-1576 kubernetes security update
Container cluster management. Security Fixes: A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with t...
OESA-2024-1550 kubernetes security update
Container cluster management. Security Fixes: A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with t...
Advisory ROSA-SA-2024-2405
software: kubernetes 1.25.15 WASP: ROSA-CHROME packageevrstring: kubernetes-1.25.15-1 CVE-ID: CVE-2023-2431 BDU-ID: 2023-03899 CVE-Crit: LOW CVE-DESC.: A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software tool is related to insufficient validation o...
AZL-40016 CVE-2024-3177 affecting package kubernetes for versions less than 1.30.1-1
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...
CVE-2024-3177
A flaw was found in Kubernetes' kube-apiserver. This flaw allows authenticated users to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated...
kube-apiserver: PrivEsc
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch...
kube-apiserver: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
A flaw was found in Kubernetes, where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures that pods running with a service account may only reference secrets specified i...
kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook admission plugin
A flaw was found in Kubernetes, where users may be able to launch containers using images restricted by the ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
kube-apiserver: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
A flaw was found in Kubernetes, where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures that pods running with a service account may only reference secrets specified i...
PT-2023-16844 · Kubernetes · Kube-Apiserver
Name of the Vulnerable Software and Affected Versions: kube-apiserver affected versions not specified Description: An authentication bypass issue was discovered in kube-apiserver, allowing a remote, authenticated attacker with update, patch permissions on the pods/ephemeralcontainers subresource ...
kube-apiserver: PrivEsc
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch...
kube-apiserver: PrivEsc
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch...
OESA-2023-1415 kubernetes security update
Container cluster management. Security Fixes: Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are...
OESA-2023-1414 kubernetes security update
Container cluster management. Security Fixes: Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are...
Policy Bypass
github.com/kubernetes/kubernetes is vulnerable to Policy Bypass. The vulnerability exists in serviceaccount/admission.go, when ephemeral containers are used, which allows malicious users to start containers using restricted images, impacting the cluster if the ServiceAccount admission plugin is...
GHSA-CGCV-5272-97PR Kubernetes mountable secrets policy bypass
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...