47 matches found
Arbitrary Code Execution (ACE)
k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper access control, allowing an unauthenticated attacker with access to the pod network to execute arbitrary code in the context of the ingress-nginx controller...
Arbitrary Code Execution (ACE)
k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper validation and sanitization of user-supplied input in the auth-url Ingress annotation, allowing attackers to inject arbitrary nginx configuration directives...
GO-2025-3564 ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx
ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2025-3567 ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx
ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
GO-2024-3277 Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes...
Race Condition
k8s.io/kubernetes is vulnerable to a Race Condition. The vulnerability is due to Kubernetes' attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this...
GO-2022-0983 ANSI escape characters not filtered in kubectl in k8s.io/kubernetes
ANSI escape characters not filtered in kubectl in k8s.io/kubernetes...
GO-2022-0907 Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes...
GO-2022-0890 Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes...
GO-2022-0867 Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes
Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes...
GO-2022-0886 Kubernetes Arbitrary Command Injection in k8s.io/kubernetes
Kubernetes Arbitrary Command Injection in k8s.io/kubernetes...
GO-2022-0885 Improper Authentication in Kubernetes in k8s.io/kubernetes
Improper Authentication in Kubernetes in k8s.io/kubernetes...
GO-2022-0802 Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes
Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes...
GO-2022-0782 Symlink Attack in kubectl cp in k8s.io/kubernetes
Symlink Attack in kubectl cp in k8s.io/kubernetes...
GO-2022-0703 XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes
XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes...
GO-2023-2341 Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes
Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes...
GO-2023-2159 Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes...
GO-2023-2170 Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes...
GO-2023-2330 Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes...
GO-2023-1959 Kubernetes arbitrary file overwrite in k8s.io/kubernetes
Kubernetes arbitrary file overwrite in k8s.io/kubernetes...