3 matches found
Unauthenticated Remote Code Execution (RCE)
github.com/kro-run/kro is vulnerable to Unauthenticated Remote code execution RCE. The vulnerability is due to a confused-deputy scenario, where users with permission to create or modify ResourceGraphDefinition resources can supply arbitrary container images that kro's controllers deploy and run ...
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it's an updated variant of a financially motivated operation that was first documente...
Denial Of Service
containerd is vulnerable to denial of service. An attacker is able to input a malicious crafted container image which changes the permission of existing files in the host's system which can prevent file permission to expected owner of the file...