Lucene search
+L

169 matches found

OSV
OSV
added 2020/03/27 3:15 p.m.2 views

DEBIAN-CVE-2020-8552

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...

4.3CVSS5.7AI score0.02428EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/03/23 12:0 a.m.6 views

PT-2020-20204 · Kubernetes +1 · Kubernetes +1

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.15.9 Kubernetes versions 1.16.0 through 1.16.6 Kubernetes versions 1.17.0 through 1.17.2 Description: The Kubernetes API server component has been found to be vulnerable to a denial of service attack via...

8.8CVSS6.1AI score0.03679EPSS
Exploits5References35
RedhatCVE
RedhatCVE
added 2019/12/17 8:41 p.m.40 views

CVE-2018-1002102

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...

2.6CVSS4.1AI score0.00618EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/06 5:49 p.m.33 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes API server security vulnerability (CVE-2019-11253)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that exposes it to a denial of service attack via malicious YAML or JSON payloads CVE-2019-11253. Vulnerability Details CVE-ID: CVE-2019-11253 Description: The Kubernetes API server is...

7.5CVSS0.3AI score0.25939EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/25 4:46 p.m.38 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2019-11253)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that exposes it to a denial of service attack via malicious YAML or JSON payloads CVE-2019-11253 Vulnerability Details CVE-ID: CVE-2019-11253 Description: The Kubernetes API server is...

7.5CVSS0.25939EPSS
Exploits2Affected Software1
OSV
OSV
added 2019/10/17 4:15 p.m.1 views

DEBIAN-CVE-2019-11253

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...

7.5CVSS6.3AI score0.25939EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2019/10/17 4:15 p.m.32 views

CVE-2019-11253

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...

7.5CVSS6.8AI score0.25939EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2019/10/10 12:9 a.m.31 views

CVE-2019-1002100

A denial of service vulnerability was found in the Kubernetes API server. A remote user, with authorization to apply patches, could exploit this via crafted JSON input, causing excessive consumption of resources and subsequent denial of service. Mitigation Remove ‘patch’ permissions from untruste...

6.5CVSS4.1AI score0.10606EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/03 10:50 p.m.35 views

Security Bulletin: A Security Vulnerability Has Been Identified In IBM Cloud Private shipped with IBM Cloud Private for Data - CVE-ID: CVE-2018-1002105

Summary IBM Cloud Private is shipped with IBM Cloud Private for Data. Information about a security vulnerability affecting IBM Cloud Private has been published in a security bulletin. Vulnerability Details Refer to the security bulletin listed in the Remediation/Fixes section Affected Products an...

1.1AI score0.86978EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/10/03 10:50 p.m.53 views

Security Bulletin: IBM Cloud Private for Data is affected by a privilege escalation vulnerability in Kubernetes API server

Summary IBM Cloud Private for Data is affected by a security vulnerability in Kubernetes which in some cases can allow unauthorized access to the Kubernetes API Server and/or trusted user privilege escalation. Vulnerability Details CVEID: CVE-2018-1002105 DESCRIPTION: Kubernetes could allow a...

9.8CVSS1.5AI score0.86978EPSS
Exploits10Affected Software1
NVD
NVD
added 2019/09/04 2:15 p.m.21 views

CVE-2019-13209

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

6.1CVSS6.6AI score0.01099EPSS
Exploits0References2
OSV
OSV
added 2019/09/04 2:15 p.m.23 views

CVE-2019-13209

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

6.1CVSS7.2AI score0.01099EPSS
Exploits0References2
Prion
Prion
added 2019/09/04 2:15 p.m.26 views

Cross site scripting

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

4.3CVSS6.5AI score0.01099EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/09/04 1:40 p.m.24 views

CVE-2019-13209

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

6.5AI score0.01099EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/08/15 1:28 p.m.7 views

kubernetes: API server allows access to cluster-scoped custom resources as if resources were namespaced

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

8.1CVSS7.3AI score0.02092EPSS
Exploits0References5
NVD
NVD
added 2019/07/30 11:15 p.m.36 views

CVE-2019-10165

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources...

2.3CVSS3.7AI score0.00384EPSS
Exploits0References3
OSV
OSV
added 2019/07/30 11:15 p.m.8 views

CVE-2019-10165

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources...

2.3CVSS5.8AI score0.00384EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/07/30 10:18 p.m.44 views

CVE-2019-10165

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources...

2.3CVSS3.8AI score0.00384EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2019/07/24 9:1 p.m.4 views

kube-apiserver: DoS with crafted patch of type json-patch

A denial of service vulnerability was found in the Kubernetes API server. A remote user, with authorization to apply patches, could exploit this via crafted JSON input, causing excessive consumption of resources and subsequent denial of service...

6.5CVSS6.8AI score0.10606EPSS
Exploits0References5
Prion
Prion
added 2019/05/17 4:29 p.m.14 views

Code injection

IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145...

5CVSS5AI score0.01022EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder