CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

Snyk•added 2026/03/18 4:41 a.m.•1 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00063EPSS

Exploits1References2

Tenable Nessus•added 2025/08/30 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2020-8554

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to th...

6.3CVSS6.6AI score0.25265EPSS

Exploits3References2

Github Security Blog•added 2022/02/08 9:50 p.m.•25 views

Unverified Ownership in Kubernetes

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

6.3CVSS5.6AI score0.25265EPSS

Exploits3References12Affected Software1

OSV•added 2022/02/08 9:50 p.m.•28 views

GHSA-J9WF-VVM6-4R9W Unverified Ownership in Kubernetes

5CVSS5.6AI score0.25265EPSS

Exploits3References12

IBM Security Bulletins•added 2021/03/11 10:40 a.m.•39 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes security vulnerability (CVE-2020-8554)

Summary Red Hat OpenShift on IBM Cloud is affected by a Kubernetes security vulnerability that could allow a malicious user to intercept traffic from other pods or nodes in the cluster CVE-2020-8554 Vulnerability Details CVEID: CVE-2020-8554 Description: Kubernetes could allow a remote...

6.3CVSS0.2AI score0.25265EPSS

Exploits3Affected Software1

OSV•added 2021/01/21 5:15 p.m.•3 views

AZL-31731 CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-1

5CVSS6.7AI score0.25265EPSS

Exploits3References1

OSV•added 2021/01/21 5:15 p.m.•24 views

CVE-2020-8554

5CVSS9.2AI score

Exploits0References9

OSV•added 2021/01/21 5:15 p.m.•2 views

AZL-31696 CVE-2020-8554 affecting package python-kubernetes for versions less than 21.7.0-1

5CVSS6.7AI score0.25265EPSS

Exploits3References1

Prion•added 2021/01/21 5:15 p.m.•17 views

Code injection

6CVSS4.9AI score0.25265EPSS

Exploits3References9Affected Software3

UbuntuCve•added 2021/01/21 5:15 p.m.•35 views

CVE-2020-8554

6.3CVSS6.8AI score0.25265EPSS

Exploits3References3

Cvelist•added 2021/01/21 5:9 p.m.•23 views

CVE-2020-8554 Kubernetes man in the middle using LoadBalancer or ExternalIPs

6.3CVSS6.2AI score0.25265EPSS

Exploits3References10

Debian CVE•added 2021/01/21 5:9 p.m.•29 views

CVE-2020-8554

6.3CVSS5.8AI score0.25265EPSS

Exploits3

GitLab Advisory Database•added 2021/01/21 12:0 a.m.•31 views

Incorrect Authorization

6.3CVSS4.9AI score0.25265EPSS

Exploits3References1

Hacker One•added 2019/12/27 6:5 a.m.•94 views

Kubernetes: Man in the middle using LoadBalancer or ExternalIPs services

I rated this vulnerability as high because trying to rate it with CVSS v3.0 Calculator gives me 9.9 which seems way too high as you do require to be able to create services in the K8S cluster. Summary: This report details 2 ways to man in the middle traffic by: a creating a LoadBalancer service a...

6CVSS5.6AI score0.25265EPSS

Exploits3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by