Lucene search
K

20 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/02/25 9:44 p.m.6 views

Security Bulletin: IBM FoundationDB Operator Vulnerable to kube-apiserver vulnerability (CVE-2022-3172)

Summary IBM FoundationDB Operator addressed kube-apiserver vulnerability. Vulnerability Details CVEID:CVE-2022-3172 DESCRIPTION: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing...

8.2CVSS5.4AI score0.02464EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.6 views

PT-2025-33645 · Undefined · Undefined

🚨 URGENT: Kubernetes admins must patch CVE-2025-02383 SUSE-2025-02383-2 ✅ Affects: kube-apiserver v1.26.x ✅ Risk: Moderate-severity RBAC bypass. ✅ Fix: Apply SUSE patches NOW + validate with kube-bench. Read more: 👉 https://t.co/VRCE9nkHn3 https://t.co/ukAF3LWe56...

7.2AI score
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2025/07/05 12:0 a.m.4 views

kubernetes1.32-apiserver-1.32.6-1.1 on GA media (moderate)

kubernetes1.32-apiserver-1.32.6-1.1 on GA media Announcement ID: openSUSE-SU-2025:15236-1 Rating: moderate Cross-References: CVE-2025-22872 CVSS scores: CVE-2025-22872 SUSE : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CVE-2025-22872 SUSE : 6.3...

6.5CVSS7.4AI score0.0045EPSS
Exploits0
OSV
OSV
added 2025/07/03 12:0 a.m.3 views

OPENSUSE-SU-2025:15236-1 kubernetes1.32-apiserver-1.32.6-1.1 on GA media

These are all security issues fixed in the kubernetes1.32-apiserver-1.32.6-1.1 package on the GA media of openSUSE Tumbleweed...

6.5CVSS6.7AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/07/03 12:0 a.m.3 views

OPENSUSE-SU-2025:15234-1 kubernetes1.30-apiserver-1.30.14-1.1 on GA media

These are all security issues fixed in the kubernetes1.30-apiserver-1.30.14-1.1 package on the GA media of openSUSE Tumbleweed...

6.5CVSS6.7AI score0.0045EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/04/24 3:24 a.m.3 views

SUSE CVE-2025-32963

MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...

6.9CVSS6.9AI score0.0054EPSS
Exploits0References3
OSV
OSV
added 2025/04/22 6:14 p.m.8 views

GO-2025-3637 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS in github.com/minio/operator

Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS in github.com/minio/operator. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

6.9CVSS6.3AI score0.0054EPSS
Exploits0References2
CVE
CVE
added 2025/04/22 5:14 p.m.76 views

CVE-2025-32963

MinIO Operator STS (Kubernetes IAM) flaw: before v7.1.0, the spec.audiences default could be the Kubernetes API server, allowing replay to internal systems. Root cause: unscoped audiences enable trust beyond intended scope. Impact: tokens could be replayed to other components; mitigated only by p...

6.9CVSS6.5AI score0.0054EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/22 5:14 p.m.26 views

CVE-2025-32963 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS

MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...

6.9CVSS0.0054EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/22 5:14 p.m.10 views

CVE-2025-32963 Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS

MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the spec.audiences field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it...

6.9CVSS7.1AI score0.0054EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2025/03/26 12:0 a.m.4 views

kubernetes1.29-apiserver-1.29.15-1.1 on GA media (moderate)

kubernetes1.29-apiserver-1.29.15-1.1 on GA media Announcement ID: openSUSE-SU-2025:14924-1 Rating: moderate Cross-References: CVE-2025-1767 CVSS scores: CVE-2025-1767 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2025-1767 SUSE : 8.5...

8.5CVSS7.4AI score0.00516EPSS
Exploits0
OSV
OSV
added 2025/02/18 12:0 a.m.6 views

OPENSUSE-SU-2025:14818-1 kubernetes1.31-apiserver-1.31.6-1.1 on GA media

These are all security issues fixed in the kubernetes1.31-apiserver-1.31.6-1.1 package on the GA media of openSUSE Tumbleweed...

6.2CVSS6.7AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2024/06/15 12:0 a.m.10 views

OPENSUSE-SU-2024:10901-1 kubernetes-apiserver-1.22.2-21.2 on GA media

These are all security issues fixed in the kubernetes-apiserver-1.22.2-21.2 package on the GA media of openSUSE Tumbleweed...

9.8CVSS7.7AI score0.86978EPSS
Exploits92References8
OSV
OSV
added 2024/06/15 12:0 a.m.4 views

OPENSUSE-SU-2024:13716-1 kubernetes1.24-apiserver-1.24.17-3.1 on GA media

These are all security issues fixed in the kubernetes1.24-apiserver-1.24.17-3.1 package on the GA media of openSUSE Tumbleweed...

7.7CVSS7.8AI score0.00598EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/04/02 11:53 a.m.656 views

Exploit for Server-Side Request Forgery in Kubernetes Apiserver

CVE-2022-3172 demo Run poc.sh create...

8.2CVSS7AI score0.02464EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.3 views

SUSE CVE-2019-11247

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

5CVSS6.6AI score0.02092EPSS
Exploits0References4
OSV
OSV
added 2021/09/06 12:15 p.m.7 views

UBUNTU-CVE-2021-25735

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...

6.5CVSS6.8AI score0.05524EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2020/03/31 12:0 a.m.3 views

PT-2020-9171 · Kubernetes +1 · Kubernetes Api Server +2

Name of the Vulnerable Software and Affected Versions: Kubernetes API Server versions 1.1 through 1.14 Kubernetes API Server versions prior to 1.15.10 Kubernetes API Server versions prior to 1.16.7 Kubernetes API Server versions prior to 1.17.3 Description: The issue allows an authorized user to...

9.8CVSS6.6AI score0.9378EPSS
Exploits9References48
Positive Technologies
Positive Technologies
added 2019/08/13 12:0 a.m.4 views

PT-2020-6970 · Kubernetes +2 · Kubernetes Kube-Apiserver +3

Name of the Vulnerable Software and Affected Versions: Kubernetes kube-apiserver versions v1.6 through v1.15 Kubernetes kube-apiserver versions prior to v1.16.13 Kubernetes kube-apiserver versions prior to v1.17.9 Kubernetes kube-apiserver versions prior to v1.18.6 Description: The issue is relat...

8.3CVSS6AI score0.61139EPSS
Exploits3References54
Prion
Prion
added 2018/10/09 1:29 p.m.16 views

Code injection

Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with...

6CVSS8.1AI score0.01348EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder