
14 matches found

RedhatCVE
added 2026/01/09 8:33 a.m. | 6 views

CVE-2024-39690

Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant, i.e., namespaces without the ownerReference field, thereby gaining control of that namespace. Version...

8.8 CVSS | 6.6 AI score | 0.0051 EPSS
Exploits 1 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-2004

Malicious code in bioql PyPI...

5.5 CVSS | 5.5 AI score | 0.0159 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-7769

Malicious code in bioql PyPI...

8.8 CVSS | 8.6 AI score | 0.00861 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-1787

Malicious code in bioql PyPI...

5.3 CVSS | 5.4 AI score | 0.02077 EPSS
Exploits 0 | References 12

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-3812

Malicious code in bioql PyPI...

8.1 CVSS | 6.2 AI score | 0.02092 EPSS
Exploits 0 | References 18

OSV
added 2025/03/20 6:30 p.m. | 8 views

GHSA-R56H-J38W-HRQQ Kubernetes kube-apiserver Vulnerable to Race Condition

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies ...

3.1 CVSS | 7.2 AI score | 0.00301 EPSS
Exploits 0 | References 5

OSV
added 2025/03/13 5:15 p.m. | 9 views

CVE-2025-1767

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remai...

6.5 CVSS | 6.7 AI score
Exploits 0 | References 3

CVE
added 2025/03/13 4:40 p.m. | 258 views

CVE-2025-1767

CVE-2025-1767 affects Kubernetes clusters using the in-tree gitRepo volume to clone git repositories from pods on the same node. The in-tree gitRepo volume feature is deprecated and will not receive security updates upstream; clusters still using this feature remain vulnerable. The connected docu...

6.5 CVSS | 6.5 AI score | 0.00516 EPSS
Exploits 0 | References 3

OSV
added 2024/04/22 11:15 p.m. | 6 views

CVE-2024-3177

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...

2.7 CVSS | 3.5 AI score
Exploits 0 | References 5

OSV
added 2023/11/14 8:59 p.m. | 10 views

CVE-2023-47630 Attacker can cause Kyverno user to unintentionally consume insecure image

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then...

7.1 CVSS | 6.8 AI score | 0.00261 EPSS
Exploits 0 | References 3

IBM Security Bulletins
added 2021/03/11 10:40 a.m. | 39 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes security vulnerability (CVE-2020-8554)

Summary: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes security vulnerability that could allow a malicious user to intercept traffic from other pods or nodes in the cluster (CVE-2020-8554). Vulnerability Details: CVEID: CVE-2020-8554. Description: Kubernetes could allow a remote...

6.3 CVSS | 0.2 AI score | 0.09274 EPSS
Exploits 3 | Affected Software 1

RedhatCVE
added 2020/02/25 1:30 a.m. | 26 views

CVE-2019-11243

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig did not effectively clear service...

8.1 CVSS | 4.3 AI score | 0.01492 EPSS
Exploits 0 | References 3

IBM Security Bulletins
added 2019/08/19 3:17 p.m. | 37 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerability (CVE-2019-11247)

Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability in Kubernetes API server that allows access to custom resources via wrong scope (CVE-2019-11247). Vulnerability Details: CVE-ID: CVE-2019-11247. Description: Kubernetes could allow a remote authenticated attacker to gain...

8.1 CVSS | 0.1 AI score | 0.02092 EPSS
Exploits 0 | Affected Software 1

NVD
added 2016/04/11 9:59 p.m. | 35 views

CVE-2015-7528

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name...

5.3 CVSS | 5.2 AI score | 0.02077 EPSS
Exploits 0 | References 5