18 matches found
EUVD-2021-0902
Malware in sbrugna...
RHEL 7 : kubernetes (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kubernetes: Privilege escalation in the PodSecurityPolicy admission plugin CVE-2017-1000056 - In Kubernet...
SUSE CVE-2017-1000056
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
GHSA-6X2M-W449-QWX7 Code Injection in CRI-O
Impact: A flaw was introduced in CRI-O version 1.19 that an attacker can use to bypass the safeguards and set arbitrary kernel parameters on the host. As a result, anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime can abuse the kernel.core_pattern kernel parameter ...
Code Injection in CRI-O
Impact: A flaw was introduced in CRI-O version 1.19 that an attacker can use to bypass the safeguards and set arbitrary kernel parameters on the host. As a result, anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime can abuse the kernel.core_pattern kernel parameter ...
Kubernetes Privilege Escalation
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
GHSA-2JX2-76RC-2V7V Kubernetes Privilege Escalation
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
Missing Authorization
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
CVE-2017-1000056
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
Google Kubernetes Elevation of Privilege Vulnerability
Google Kubernetes is an open source Docker container cluster management system from Google, Inc. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A privilege escalation vulnerability exists in the PodSecurityPolicy...
Authorization Bypass
github.com/kubernetes/kubernetes is vulnerable to authorization bypass. The library contains a bug that allows a malicious user to access any PodSecurityPolicy object. This exploit only works if the PodSecurityPolicy Admission Plugin and PodSecurityPolicy API are enabled...
CVE-2017-1000056
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
CVE-2017-1000056
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
CVE-2017-1000056
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
CVE-2017-1000056
CVE-2017-1000056 affects Kubernetes versions 1.5.0–1.5.4, where the PodSecurityPolicy admission plugin can be abused to escalate privileges by using any existing PodSecurityPolicy object. The root cause is a flaw in the PodSecurityPolicy admission flow that enables privilege escalation; impact is...
CVE-2017-1000056
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
CVE-2017-1000056
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object...
PT-2017-2596 · Kubernetes · Kubernetes
Name of the Vulnerable Software and Affected Versions: Kubernetes versions 1.5.0 through 1.5.4. Description: The issue is related to a plugin for accessing PodSecurityPolicy, a software tool for managing clusters of virtual machines in Kubernetes, and is associated with insufficient access control...