Lucene search
K

5 matches found

Kubernetes Security Advisories
Kubernetes Security Advisories
added 2025/09/15 4:59 a.m.5 views

Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks

CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N — Medium 6.8 A vulnerability exists in the Kubernetes C client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority CA without properly verifying the trust chain. This flaw allows ...

6.8CVSS5.8AI score0.00288EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2023/01/25 7:36 p.m.44 views

Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster

Impact An issue was discovered in Rancher where an authorization logic flaw allows an authenticated user on any downstream cluster to 1 open a shell pod in the Rancher local cluster and 2 have limited kubectl access to it. The expected behavior is that a user does not have such access in the...

8.8CVSS0.3AI score0.0047EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2021/06/02 2:15 p.m.35 views

CVE-2020-35514

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShif...

7CVSS0.00218EPSS
Exploits0References1
OSV
OSV
added 2021/06/02 2:15 p.m.2 views

CVE-2020-35514

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShif...

7CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2021/06/02 1:22 p.m.28 views

CVE-2020-35514

An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShif...

6.7AI score0.00218EPSS
Exploits0References1
Rows per page
Query Builder