Kubernetes Security Vulnerabilities and Issues — Kubernetes CVE List

Lucene search

KubernetesKubernetes

10 matches found

CVE•added 2023/07/03 9:15 p.m.•2816 views

CVE-2023-2727

Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

6.5CVSS6.6AI score0.00179EPSS

CVE•added 2023/07/03 9:15 p.m.•2706 views

CVE-2023-2728

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubern...

6.5CVSS6.6AI score0.04339EPSS

CVE•added 2023/10/31 9:15 p.m.•931 views

CVE-2023-3676

A security issue was discovered in Kubernetes where a userthat can create pods on Windows nodes may be able to escalate to adminprivileges on those nodes. Kubernetes clusters are only affected if theyinclude Windows nodes.

8.8CVSS8.6AI score0.35687EPSS

CVE•added 2023/10/31 9:15 p.m.•432 views

CVE-2023-3955

8.8CVSS8.6AI score0.00579EPSS

CVE•added 2023/11/14 9:15 p.m.•415 views

CVE-2023-5528

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

8.8CVSS7.8AI score0.21078EPSS

CVE•added 2023/06/16 8:15 a.m.•279 views

CVE-2023-2431

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp d...

5.5CVSS5.5AI score0.00009EPSS

CVE•added 2023/03/01 7:15 p.m.•262 views

CVE-2022-3162

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sh...

6.5CVSS6.9AI score0.0075EPSS

CVE•added 2023/03/01 7:15 p.m.•215 views

CVE-2022-3294

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to e...

8.8CVSS7.3AI score0.00469EPSS

CVE•added 2023/05/24 5:15 p.m.•96 views

CVE-2021-25749

Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.

7.8CVSS7.3AI score0.00033EPSS

CVE•added 2023/10/30 3:15 a.m.•81 views

CVE-2021-25736

Kube-proxyon Windows can unintentionally forward traffic to local processeslistening on the same port (“spec.ports[*].port”) as a LoadBalancerService when the LoadBalancer controllerdoes not set the “status.loadBalancer.ingress[].ip” field. Clusterswhere the LoadBalancer controller sets the“status....

6.3CVSS6AI score0.00124EPSS