Arbitrary command execution through gitRepo volume
A security vulnerability was discovered in Kubernetes that could allow a user with the ability to create a pod and associate a gitRepo volume to execute arbitrary commands beyond the container boundary. This vulnerability leverages the hooks folder in the target repository to run arbitrary comman...
Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N - Low 2.7 A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and...
ingress-nginx path sanitization can be bypassed
Issue Details A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use directives to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentia...
Bypass of seccomp profile enforcement
What happened? A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. This issue has been rated LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N score: 3.4. If you have pods in your cluster that use localhost type for seccomp profile but specify an...
Bypassing policies imposed by the ImagePolicyWebhook and bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
CVE-2023-2727: Bypassing policies imposed by the ImagePolicyWebhook admission plugin CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N A security issue was discovered in Kubernetes where users may be able to launch containers using images that are restricted by ImagePolicyWebhook when usi...
ingress-nginx auth-proxy-set-headers nginx configuration injection
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of th...
ingress-nginx auth-url protection bypass
CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a...
Credential caching in Headlamp with Helm enabled
Original tracking issue: https://github.com/kubernetes-sigs/headlamp/issues/4282 CVSS Rating: High 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Description of vulnerability A security issue was discovered in the in-cluster version of Headlamp where unauthenticated users may be able to reuse...
Portworx Half-Blind SSRF in kube-controller-manager
CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N - Medium 5.8 A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This was patched for other in-tree StorageClasses GlusterFS, Quobyte, StorageOS, and...
Nodes can delete themselves by adding an OwnerReference
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L - Medium 6.7 A vulnerability exists in the NodeRestriction admission controller where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference...
ingress-nginx admission controller RCE escalation
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Score: 9.8, Critical A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx...
ingress-nginx controller configuration injection via unsanitized mirror annotations
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Score: 8.8, High A security issue was discovered in ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the...
ingress-nginx controller configuration injection via unsanitized auth-url annotation
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Score: 8.8, High A security issue was discovered in ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...
ingress-nginx controller auth secret file path traversal vulnerability
CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Score: 4.8, Medium A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This coul...
GitRepo Volume Inadvertent Local Repository Access
Issue Details A security vulnerability was discovered in Kubernetes that could allow a user with create pod permission to exploit gitRepo volumes to access local git repositories belonging to other pods on the same node. This issue has been rated Medium CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:...
Node Denial of Service via kubelet Checkpoint API
CVSS Rating: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk. Am I vulnerable?...
VM images built with Image Builder with some providers use default credentials during builds
CVSS Rating: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. The credentials can be used to gain root access. The...
VM images built with Image Builder and Proxmox provider use default credentials
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process. Additionally, virtual machine images built using the Proxmox provider do not disable these default...
Incorrect permissions on Windows containers logs
CVSS Rating: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N - MEDIUM 6.1 A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs. This issue has been...
Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - HIGH 7.2 A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they ar...
Insufficient input sanitization on Windows nodes leads to privilege escalation
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - HIGH 8.8 A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. Am...
Insufficient input sanitization on Windows nodes leads to privilege escalation
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - HIGH 8.8 A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. Am...
secrets-store-csi-driver discloses service account tokens in logs
A security issue was discovered in secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged...
Node address isn't always verified when proxying
CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H A security issue was discovered in Kubernetes where users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them...
Unauthorized read of Custom Resources
CVSS Rating: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Am I...
Aggregated API server can cause clients to be redirected (SSRF)
CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L 5.1, medium A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API...
`runAsNonRoot` logic bypass for Windows containers
A security issue was discovered in Kubernetes that could allow Windows workloads to run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. This issue has been rated low and assigned CVE-2021-25749 Am I vulnerable? All Kubernetes clusters with following...
Ingress-nginx `path` sanitization can be bypassed with newline character
Issue Details A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the...
Ingress-nginx directive injection via annotations
Issue Details A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...
Ingress-nginx `path` can be pointed to service account token file
Issue Details A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In th...
Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
Issue Details A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. This issue has been rated High CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L, and assigned CVE-2021-25742...
Symlink Exchange Can Allow Host Filesystem Access
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. This issue has been rated High CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and assigned...
Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9
CVSS Rating: 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Medium In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. Am I vulnerable? If kube-apiserver i...
Node disk DOS by writing to container /etc/hosts
CVSS Rating: Medium 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/CR:H/IR:H/AR:M The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it...
Half-Blind SSRF in kube-controller-manager
CVSS Rating: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N There exists a Server Side Request Forgery (SSRF) vulnerability in kube-controller-manager that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network such...
Kubectl copy doesn't check for paths outside of its destination directory.
Is this a BUG REPORT or FEATURE REQUEST?: Bug /kind bug What happened: kubectl cp :/some/remote/dir /some/local/dir If the container returns a malformed tarfile with paths like: '/some/remote/dir/../../../../tmp/foo' kubectl writes this to /tmp/foo instead of /some/local/dir/tmp/foo What you...
CSI Driver for SMB path traversal via subDir may delete unintended directories on the SMB server
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H — Medium 6.5 A vulnerability was discovered in the Kubernetes CSI Driver for SMB where the subDir parameter in volume identifiers was insufficiently validated. Attackers with the ability to create PersistentVolumes referencing the SMB CSI...
ingress-nginx comment-based nginx configuration injection
CVSS Rating: 8.8 Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller...
ingress-nginx Admission Controller denial of service
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory...
ingress-nginx rules.http.paths.path nginx configuration injection
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and...
ingress-nginx auth-method nginx configuration injection
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the...
Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks
CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N — Medium 6.8 A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows ...
secrets-store-sync-controller discloses service account tokens in logs
A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are onl...
VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override
CVSS Rating High 7.5: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root acces...
Nodes can bypass dynamic resource allocation authorization checks
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L - Low 2.7 A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly...
ingress-nginx controller configuration injection via unsanitized auth-tls-match-cn annotation
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Score: 8.8, High A security issue was discovered in ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-ngin...
Command Injection affecting Windows nodes via nodes/*/logs/query API
Hello Kubernetes Community, A security vulnerability has been discovered in Kubernetes Windows nodes that could allow a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host. This issue has been rated Medium with a CVSS v3.1 score of 5.9...
Ingress-nginx Annotation Validation Bypass
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects in the networking.k8s.io or extensions API group can bypass annotation validation to inject arbitrary commands and obtain the...
Network restriction bypass via race condition during namespace termination
CVSS Rating: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N - Low 3.1 A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace...
azure-file-csi-driver discloses service account tokens in logs
CVSS Rating: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N - MEDIUM 6.5 A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to...