Lucene search
K

61 matches found

OSV
OSV
added 2024/05/10 11:7 a.m.2 views

OESA-2024-1550 kubernetes security update

Container cluster management. Security Fixes: A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with t...

2.7CVSS6.7AI score0.02224EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/05/02 3:57 p.m.3 views

kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

A flaw was found in Kubernetes' kube-apiserver. This flaw allows authenticated users to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated...

2.7CVSS7.3AI score0.02224EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.29 views

Fedora 40 : kubernetes (2024-ce2eefc399)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ce2eefc399 advisory. Update Kubernetes to v1.29.4 for Fedora 40. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugi...

7.5CVSS7.5AI score0.91969EPSS
Exploits2References3
CNVD
CNVD
added 2024/04/25 12:0 a.m.15 views

Kubernetes Input Validation Error Vulnerability

Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. Kubernetes has a security vulnerability that can be exploited by an attacker to bypass the mountable secrets policy enforced by...

2.7CVSS4.6AI score0.02224EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/04/25 12:0 a.m.37 views

Fedora 39 : kubernetes (2024-662a8b6005)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-662a8b6005 advisory. Updates Fedora 30 to Kubernetes 1.27.13. Resolves CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin. In...

2.7CVSS6.9AI score0.02224EPSS
Exploits1References2
OSV
OSV
added 2024/04/23 2:52 p.m.6 views

SUSE-SU-2024:1404-1 Security update for kubernetes1.23

This update for kubernetes1.23 fixes the following issues: - CVE-2024-3177: Fixed bypass of mountable secrets policy imposed by the ServiceAccount admission plugin bsc1222539...

2.7CVSS3.9AI score0.02224EPSS
Exploits1References3
OSV
OSV
added 2024/04/23 2:52 p.m.3 views

SUSE-SU-2024:1403-1 Security update for kubernetes1.24

This update for kubernetes1.24 fixes the following issues: - CVE-2024-3177: Fixed bypass of mountable secrets policy imposed by the ServiceAccount admission plugin bsc1222539...

2.7CVSS3.9AI score0.02224EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2024/04/23 12:30 a.m.28 views

Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...

2.7CVSS3.6AI score0.02224EPSS
Exploits1References11Affected Software1
OSV
OSV
added 2024/04/22 11:15 p.m.9 views

AZL-40016 CVE-2024-3177 affecting package kubernetes for versions less than 1.30.1-1

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...

2.7CVSS6.7AI score0.02224EPSS
Exploits1References1
OSV
OSV
added 2024/04/22 11:15 p.m.7 views

AZL-40051 CVE-2024-3177 affecting package kubernetes 1.28.4-25

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...

2.7CVSS6.7AI score0.02224EPSS
Exploits1References1
OSV
OSV
added 2024/04/22 11:15 p.m.2 views

DEBIAN-CVE-2024-3177

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...

2.7CVSS6.1AI score0.02224EPSS
Exploits1References1
OSV
OSV
added 2024/04/22 11:15 p.m.4 views

UBUNTU-CVE-2024-3177

A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...

2.7CVSS6.9AI score0.02224EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/04/22 12:0 a.m.5 views

Kubernetes 输入验证错误漏洞

Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. Kubernetes has a security vulnerability that can be exploited by an attacker to bypass the mountable secrets policy enforced by...

2.7CVSS6.8AI score0.02224EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2024/04/17 1:3 p.m.30 views

CVE-2024-3177

A flaw was found in Kubernetes' kube-apiserver. This flaw allows authenticated users to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated...

2.7CVSS6.9AI score0.02224EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.7 views

PT-2024-3763

Name of the Vulnerable Software and Affected Versions Kubernetes affected versions not specified Description A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when usi...

7.7CVSS8AI score0.99999EPSS
Exploits21References91
RedHat Linux
RedHat Linux
added 2023/10/31 2:23 p.m.6 views

kube-apiserver: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

A flaw was found in Kubernetes, where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures that pods running with a service account may only reference secrets specified i...

6.5CVSS6.8AI score0.02157EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/10/31 2:6 p.m.5 views

kube-apiserver: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

A flaw was found in Kubernetes, where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures that pods running with a service account may only reference secrets specified i...

6.5CVSS6.8AI score0.02157EPSS
Exploits1References5
Veracode
Veracode
added 2023/07/06 10:13 a.m.27 views

Policy Bypass

github.com/kubernetes/kubernetes is vulnerable to Policy Bypass. The vulnerability exists in serviceaccount/admission.go, when ephemeral containers are used, which allows malicious users to start containers using restricted images, impacting the cluster if the ServiceAccount admission plugin is...

6.5CVSS6.7AI score0.02157EPSS
Exploits1References13Affected Software2
OSV
OSV
added 2023/07/03 9:30 p.m.30 views

GHSA-CGCV-5272-97PR Kubernetes mountable secrets policy bypass

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

6.5CVSS6.5AI score0.02157EPSS
Exploits1References11
OSV
OSV
added 2023/07/03 9:15 p.m.19 views

CVE-2023-2728

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

6.5CVSS6.5AI score
Exploits0References4
Rows per page
Query Builder