openSUSE Security Advisory (SUSE-SU-2024:1403-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2024-0389 Updated kubernetes packages fix security vulnerabilities

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...

Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

...

OESA-2024-1577 kubernetes security update

Container cluster management. Security Fixes: A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with t...

OESA-2024-1576 kubernetes security update

Container cluster management. Security Fixes: A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with t...

kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

A flaw was found in Kubernetes' kube-apiserver. This flaw allows authenticated users to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated...

Fedora 40 : kubernetes (2024-ce2eefc399)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ce2eefc399 advisory. Update Kubernetes to v1.29.4 for Fedora 40. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugi...

Fedora 39 : kubernetes (2024-662a8b6005)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-662a8b6005 advisory. Updates Fedora 30 to Kubernetes 1.27.13. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin. In...

Kubernetes Input Validation Error Vulnerability

Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. Kubernetes has a security vulnerability that can be exploited by an attacker to bypass the mountable secrets policy enforced by...

SUSE-SU-2024:1404-1 Security update for kubernetes1.23

This update for kubernetes1.23 fixes the following issues: - CVE-2024-3177: Fixed bypass of mountable secrets policy imposed by the ServiceAccount admission plugin bsc1222539...

UBUNTU-CVE-2024-3177

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...

Kubernetes 输入验证错误漏洞

Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. Kubernetes has a security vulnerability that can be exploited by an attacker to bypass the mountable secrets policy enforced by...

kube-apiserver: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

A flaw was found in Kubernetes, where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures that pods running with a service account may only reference secrets specified i...

Oracle Linux 7 : kubernetes (ELSA-2023-12562)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12562 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.24.15 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 8 : kubernetes (ELSA-2023-12564)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12564 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - CVE-2023-27496 - CVE-2023-27488 - CVE-2023-27493 - CVE-2023-27492 - CVE-2023-27491 -...

SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2023:2542-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2542-1 advisory. - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin bsc1211630. - CVE-2023-2728: Fixed...

SUSE SLES15: kubernetes1.23-apiserver / kubernetes1.23-client / etc (SUSE-SU-2023:2543-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2543-1 advisory. - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin bsc1211630. -...

SUSE SLES15: kubernetes1.24-apiserver / kubernetes1.24-client / etc (SUSE-SU-2023:2544-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2544-1 advisory. - CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin bsc1211630. -...