33 matches found
EUVD-2023-2130
Malicious code in bioql PyPI...
RHEL 9 : Red Hat build of MicroShift 4.14.0 (RHSA-2023:5008)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5008 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built fr...
Advisory ROSA-SA-2024-2405
software: kubernetes 1.25.15 WASP: ROSA-CHROME packageevrstring: kubernetes-1.25.15-1 CVE-ID: CVE-2023-2431 BDU-ID: 2023-03899 CVE-Crit: LOW CVE-DESC.: A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software tool is related to insufficient validation o...
kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook admission plugin
A flaw was found in Kubernetes, where users may be able to launch containers using images restricted by the ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
kube-apiserver: Bypassing policies imposed by the ImagePolicyWebhook admission plugin
A flaw was found in Kubernetes, where users may be able to launch containers using images restricted by the ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
SUSE SLES15 / openSUSE 15 Security Update : kubernetes1.24 (SUSE-SU-2023:3260-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3260-1 advisory. - Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral...
Policy Bypass
github.com/kubernetes/kubernetes is vulnerable to Policy Bypass. The vulnerability exists in imagepolicy/admission.go, when ephemeral containers are used, which allows malicious users to start containers using restricted images, impacting the cluster if the ImagePolicyWebhook admission plugin is...
kube-apiserver vulnerable to policy bypass
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
GHSA-QC2G-GMH6-95P4 kube-apiserver vulnerable to policy bypass
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
Authentication flaw
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
CVE-2023-2727 Bypassing policies imposed by the ImagePolicyWebhook admission plugin
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
CVE-2023-2727 Bypassing policies imposed by the ImagePolicyWebhook admission plugin
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
CVE-2023-2727
CVE-2023-2727: Kubernetes clusters that use ephemeral containers are affected when the ImagePolicyWebhook admission plugin is used together with ephemeral containers; this may allow launching containers from images restricted by ImagePolicyWebhook. The vulnerability is described in the initial do...
Oracle Linux 8 : kubernetes (ELSA-2023-12561)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12561 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.24.15 Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 8 : olcne (ELSA-2023-25546)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-25546 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 7 : kubernetes (ELSA-2023-12563)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12563 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - CVE-2023-27496 - CVE-2023-27488 - CVE-2023-27493 - CVE-2023-27492 - CVE-2023-27491 -...