20 matches found
Security Bulletin: IBM FoundationDB Operator Vulnerable to kube-apiserver vulnerability (CVE-2022-3172)
Summary IBM FoundationDB Operator addressed kube-apiserver vulnerability. Vulnerability Details CVEID:CVE-2022-3172 DESCRIPTION: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing...
PT-2025-33645 · Undefined · Undefined
🚨 URGENT: Kubernetes admins must patch CVE-2025-02383 SUSE-2025-02383-2 ✅ Affects: kube-apiserver v1.26.x ✅ Risk: Moderate-severity RBAC bypass. ✅ Fix: Apply SUSE patches NOW + validate with kube-bench. Read more: 👉 https://t.co/VRCE9nkHn3 https://t.co/ukAF3LWe56...
kubernetes1.32-apiserver-1.32.6-1.1 on GA media (moderate)
kubernetes1.32-apiserver-1.32.6-1.1 on GA media Announcement ID: openSUSE-SU-2025:15236-1 Rating: moderate Cross-References: CVE-2025-22872 CVSS scores: CVE-2025-22872 SUSE : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CVE-2025-22872 SUSE : 6.3...
OPENSUSE-SU-2025:15236-1 kubernetes1.32-apiserver-1.32.6-1.1 on GA media
These are all security issues fixed in the kubernetes1.32-apiserver-1.32.6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15234-1 kubernetes1.30-apiserver-1.30.14-1.1 on GA media
These are all security issues fixed in the kubernetes1.30-apiserver-1.30.14-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2025-32963
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
GO-2025-3637 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS in github.com/minio/operator
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS in github.com/minio/operator. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
CVE-2025-32963
MinIO Operator STS (Kubernetes IAM) flaw: before v7.1.0, the spec.audiences default could be the Kubernetes API server, allowing replay to internal systems. Root cause: unscoped audiences enable trust beyond intended scope. Impact: tokens could be replayed to other components; mitigated only by p...
CVE-2025-32963 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
CVE-2025-32963 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS
MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...
kubernetes1.29-apiserver-1.29.15-1.1 on GA media (moderate)
kubernetes1.29-apiserver-1.29.15-1.1 on GA media Announcement ID: openSUSE-SU-2025:14924-1 Rating: moderate Cross-References: CVE-2025-1767 CVSS scores: CVE-2025-1767 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2025-1767 SUSE : 8.5...
OPENSUSE-SU-2025:14818-1 kubernetes1.31-apiserver-1.31.6-1.1 on GA media
These are all security issues fixed in the kubernetes1.31-apiserver-1.31.6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10901-1 kubernetes-apiserver-1.22.2-21.2 on GA media
These are all security issues fixed in the kubernetes-apiserver-1.22.2-21.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13716-1 kubernetes1.24-apiserver-1.24.17-3.1 on GA media
These are all security issues fixed in the kubernetes1.24-apiserver-1.24.17-3.1 package on the GA media of openSUSE Tumbleweed...
Exploit for Server-Side Request Forgery in Kubernetes Apiserver
CVE-2022-3172 demo Run poc.sh create...
SUSE CVE-2019-11247
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...
UBUNTU-CVE-2021-25735
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...
PT-2020-9171 · Kubernetes +1 · Kubernetes Api Server +2
Name of the Vulnerable Software and Affected Versions: Kubernetes API Server versions 1.1 through 1.14 Kubernetes API Server versions prior to 1.15.10 Kubernetes API Server versions prior to 1.16.7 Kubernetes API Server versions prior to 1.17.3 Description: The issue allows an authorized user to...
PT-2020-6970 · Kubernetes +2 · Kubernetes Kube-Apiserver +3
Name of the Vulnerable Software and Affected Versions: Kubernetes kube-apiserver versions v1.6 through v1.15 Kubernetes kube-apiserver versions prior to v1.16.13 Kubernetes kube-apiserver versions prior to v1.17.9 Kubernetes kube-apiserver versions prior to v1.18.6 Description: The issue is relat...
Code injection
Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with...