Skip to main content

Kubernetes

603 CVEs product

Monthly

CVE-2024-21400 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kubernetes Microsoft Confidental Containers
NVD
CVSS 3.1
9.0
EPSS
2.2%
CVE-2024-26147 Go HIGH PATCH This Week

Helm is a package manager for Charts for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kubernetes Helm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-25620 Go MEDIUM PATCH This Month

Helm is a tool for managing Charts. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kubernetes Helm
NVD GitHub
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-21403 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Information Disclosure Kubernetes Microsoft Azure Kubernetes Service
NVD
CVSS 3.1
9.0
EPSS
1.3%
CVE-2024-21376 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass RCE Kubernetes Microsoft Azure Kubernetes Service
NVD
CVSS 3.1
9.0
EPSS
1.2%
CVE-2023-51702 PyPI MEDIUM PATCH This Month

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Airflow Apache Airflow Providers Cncf Kubernetes
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-22424 Go HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

CSRF Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2023-6476 Go MEDIUM PATCH This Month

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Kubernetes Denial Of Service Openshift Container Platform
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-50253 CRITICAL POC Act Now

Laf is a cloud development platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Laf
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2023-30617 Go MEDIUM PATCH This Month

Kruise provides automated management of large-scale applications on Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Privilege Escalation Kruise
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-48225 CRITICAL POC Act Now

Laf is a cloud development platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Laf
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-48713 Go MEDIUM PATCH This Month

Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Serving
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-48312 Go CRITICAL POC PATCH Act Now

capsule-proxy is a reverse proxy for the capsule operator project. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Kubernetes Authentication Bypass Capsule Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5528 Go HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Kubernetes Microsoft Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-47630 Go HIGH PATCH This Week

Kyverno is a policy engine designed for Kubernetes. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Kubernetes Kyverno
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-42816 Go MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-42815 Go MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42814 Go MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42813 Go MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-0436 HIGH PATCH This Week

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled.5.0, 1.6.0,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Atlas Kubernetes Operator
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46254 Go MEDIUM PATCH This Month

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Privilege Escalation Kubernetes Information Disclosure Capsule Capsule Proxy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3893 Go HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Microsoft Csi Proxy
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2023-5408 HIGH This Week

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-3955 Go HIGH POC PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kubernetes Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2023-3676 Go HIGH POC PATCH THREAT This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kubernetes Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
11.7%
CVE-2023-5044 Go HIGH PATCH This Week

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Code Injection Nginx Ingress Nginx
NVD GitHub
CVSS 3.1
8.8
EPSS
56.6%
CVE-2023-44392 CRITICAL PATCH Act Now

Garden provides automation for Kubernetes development and testing. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Kubernetes RCE Code Injection Deserialization Garden
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%
CVE-2023-3361 HIGH This Week

A flaw was found in Red Hat OpenShift Data Science. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Red Hat Information Disclosure Python Open Data Hub Dashboard +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40026 Go MEDIUM PATCH This Month

Argo CD is a declarative continuous deployment framework for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Argo Cd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-41333 Go HIGH PATCH This Week

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Kubernetes Authentication Bypass Cilium
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-39347 Go CRITICAL POC PATCH Act Now

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Cilium
NVD GitHub
CVSS 3.1
9.0
EPSS
0.5%
CVE-2023-0923 CRITICAL Act Now

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Openshift Data Science
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29332 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Microsoft Azure Kubernetes Service
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-40584 Go MEDIUM PATCH This Month

Argo CD is a declarative continuous deployment for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-40029 Go CRITICAL POC PATCH Act Now

Argo CD is a declarative continuous deployment for Kubernetes. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2023-40025 Go HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-37917 Go HIGH POC PATCH This Week

KubePi is an opensource kubernetes management panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kubernetes Kubepi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-37916 Go HIGH POC PATCH This Week

KubePi is an opensource kubernetes management panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Kubepi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-37264 Go MEDIUM POC This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Tekton Pipelines
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-2728 Go MEDIUM PATCH This Month

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2023-2727 Go MEDIUM PATCH This Month

Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-33190 Go CRITICAL PATCH Act Now

Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Kubernetes Authentication Bypass Sealos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35165 npm HIGH POC PATCH This Week

AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Aws Cloud Development Kit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2431 Go MEDIUM PATCH This Month

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-34242 Go MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Cilium
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-2878 Go MEDIUM POC PATCH This Month

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Secrets Store Csi Driver
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-34091 Go MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Kyverno
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22647 Go HIGH PATCH This Week

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Rancher
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2023-33234 PyPI HIGH PATCH This Week

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Apache Kubernetes Apache Airflow Providers Cncf Kubernetes
NVD VulDB
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-33191 Go HIGH PATCH This Week

Kyverno is a policy engine designed for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Kyverno
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-30840 Go HIGH PATCH This Week

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Kubernetes Authentication Bypass Fluid
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22651 Go CRITICAL PATCH Act Now

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Rancher
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2023-30841 Go MEDIUM POC PATCH This Month

Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Baremetal Operator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2250 MEDIUM PATCH This Month

A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Kubernetes Open Cluster Management
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-30622 Go HIGH PATCH This Week

Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Clusternet
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-30513 Maven HIGH PATCH This Week

Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-30512 Go MEDIUM This Month

CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Cubefs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-28114 Go MEDIUM PATCH This Month

`cilium-cli` is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity.

Kubernetes Information Disclosure Cilium Cli
NVD GitHub
CVSS 3.1
4.1
EPSS
0.2%
CVE-2023-27595 Go CRITICAL PATCH Act Now

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Cilium
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27593 Go MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Cilium
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28110 CRITICAL POC PATCH Act Now

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Command Injection Jumpserver Koko
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2023-26484 Go HIGH This Week

KubeVirt is a virtual machine management add-on for Kubernetes. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Authentication Bypass Kubevirt
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-27484 Go MEDIUM PATCH This Month

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Crossplane
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-27483 Go HIGH PATCH This Week

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Crossplane Runtime
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1065 MEDIUM PATCH This Month

This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Kubernetes Authentication Bypass Kubernetes Monitor
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-23947 Go HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Kubernetes Authentication Bypass Argo Cd
NVD GitHub
CVSS 3.1
8.5
EPSS
0.7%
CVE-2023-24619 MEDIUM POC This Month

Redpanda before 22.3.12 discloses cleartext AWS credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Redpanda
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-25163 Go MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-25165 Go MEDIUM POC PATCH This Month

Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Information Disclosure Helm
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-24425 Maven MEDIUM PATCH This Month

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Authentication Bypass Kubernetes Credentials Provider
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22736 Go HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Authentication Bypass Argo Cd
NVD GitHub
CVSS 3.1
8.5
EPSS
0.8%
CVE-2023-22482 Go HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Kubernetes Authentication Bypass Argo Cd
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-22480 Go CRITICAL POC PATCH THREAT Act Now

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Authentication Bypass Kubeoperator
NVD GitHub
CVSS 3.1
9.8
EPSS
66.8%
CVE-2023-22478 Go HIGH POC PATCH This Week

KubePi is a modern Kubernetes panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Kubernetes Authentication Bypass Kubepi
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2023-22479 Go MEDIUM PATCH This Month

KubePi is a modern Kubernetes panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Session Fixation Kubepi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-22463 Go CRITICAL POC PATCH THREAT Act Now

KubePi is a k8s panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Kubernetes Authentication Bypass Kubepi
NVD GitHub
CVSS 3.1
9.8
EPSS
69.7%
CVE-2022-47633 Go HIGH PATCH This Week

An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Kubernetes Kyverno
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-23551 Go MEDIUM PATCH This Month

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Microsoft Kubernetes Azure Ad Pod Identity
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-23526 Go HIGH PATCH This Week

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Kubernetes Denial Of Service Helm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-23525 Go HIGH PATCH This Week

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Kubernetes Denial Of Service Helm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-23524 Go HIGH PATCH This Week

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Helm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-23471 Go MEDIUM PATCH This Month

containerd is an open source container runtime. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Containerd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-46167 Go HIGH PATCH This Week

Capsule is a multi-tenancy and policy-based framework for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Authentication Bypass Kubernetes Capsule
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-45933 Go CRITICAL POC THREAT Act Now

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kubernetes Kubeview
NVD GitHub
CVSS 3.1
9.8
EPSS
51.7%
CVE-2022-41939 HIGH POC PATCH This Week

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Docker Information Disclosure Kubernetes Knative Func
NVD GitHub
CVSS 3.1
7.4
EPSS
0.9%
CVE-2022-39272 Go MEDIUM PATCH This Month

Flux is an open and extensible continuous delivery solution for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Denial Of Service Flux2 Helm Controller Image Automation Controller +4
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-39278 HIGH This Week

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Istio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-37968 CRITICAL PATCH Act Now

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Kubernetes Azure Arc Enabled Kubernetes Azure Stack Edge
NVD
CVSS 3.1
10.0
EPSS
2.6%
CVE-2022-36103 Go HIGH PATCH This Week

Talos Linux is a Linux distribution built for Kubernetes deployments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Kubernetes Talos Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-36049 Go HIGH PATCH This Week

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Helm Flux2 Helm Controller
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
EPSS 2% CVSS 9.0
CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kubernetes Microsoft +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Helm is a package manager for Charts for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kubernetes Helm
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

Helm is a tool for managing Charts. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kubernetes Helm
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Information Disclosure Kubernetes +2
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass RCE Kubernetes +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Airflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

CSRF Kubernetes Argo Cd
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Kubernetes Denial Of Service Openshift Container Platform
NVD
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

Laf is a cloud development platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Laf
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Kruise provides automated management of large-scale applications on Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Privilege Escalation Kruise
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Laf is a cloud development platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Laf
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Serving
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

capsule-proxy is a reverse proxy for the capsule operator project. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Kubernetes Authentication Bypass +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Kubernetes Microsoft +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Kyverno is a policy engine designed for Kubernetes. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Kubernetes Kyverno
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Kyverno
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled.5.0, 1.6.0,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Atlas Kubernetes Operator
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Privilege Escalation Kubernetes Information Disclosure +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Microsoft +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Openshift Container Platform
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kubernetes Microsoft
NVD GitHub
EPSS 12% CVSS 8.8
HIGH POC PATCH THREAT This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kubernetes Microsoft
NVD GitHub
EPSS 57% CVSS 8.8
HIGH PATCH This Week

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Code Injection Nginx +1
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Garden provides automation for Kubernetes development and testing. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Kubernetes RCE Code Injection +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

A flaw was found in Red Hat OpenShift Data Science. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Red Hat Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Argo CD is a declarative continuous deployment framework for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Argo Cd
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Kubernetes Authentication Bypass Cilium
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL POC PATCH Act Now

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Cilium
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Openshift Data Science
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Argo CD is a declarative continuous deployment for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
EPSS 1% CVSS 9.6
CRITICAL POC PATCH Act Now

Argo CD is a declarative continuous deployment for Kubernetes. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

KubePi is an opensource kubernetes management panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kubernetes Kubepi
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

KubePi is an opensource kubernetes management panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Kubepi
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Tekton Pipelines
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Kubernetes Authentication Bypass Sealos
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Aws Cloud Development Kit
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Fedora
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Cilium
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Secrets Store Csi Driver
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Kyverno
NVD GitHub
EPSS 1% CVSS 8.0
HIGH PATCH This Week

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Rancher
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Apache Kubernetes +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Kyverno is a policy engine designed for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Kyverno
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Kubernetes Authentication Bypass Fluid
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Rancher
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Baremetal Operator
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Kubernetes Open Cluster Management
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Clusternet
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Jenkins Information Disclosure
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Cubefs
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

`cilium-cli` is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity.

Kubernetes Information Disclosure Cilium Cli
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Cilium
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Cilium
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL POC PATCH Act Now

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Command Injection Jumpserver +1
NVD GitHub
EPSS 1% CVSS 8.2
HIGH This Week

KubeVirt is a virtual machine management add-on for Kubernetes. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Authentication Bypass Kubevirt
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Crossplane
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Crossplane Runtime
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Kubernetes Authentication Bypass Kubernetes Monitor
NVD GitHub
EPSS 1% CVSS 8.5
HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Kubernetes Authentication Bypass Argo Cd
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Redpanda before 22.3.12 discloses cleartext AWS credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Redpanda
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Information Disclosure Helm
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Authentication Bypass +1
NVD
EPSS 1% CVSS 8.5
HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Authentication Bypass Argo Cd
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Kubernetes Authentication Bypass Argo Cd
NVD GitHub
EPSS 67% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Authentication Bypass Kubeoperator
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

KubePi is a modern Kubernetes panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Kubernetes Authentication Bypass Kubepi
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

KubePi is a modern Kubernetes panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Session Fixation +1
NVD GitHub
EPSS 70% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

KubePi is a k8s panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Kubernetes Authentication Bypass Kubepi
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Kubernetes Kyverno
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Microsoft Kubernetes +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Kubernetes Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Kubernetes Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Helm
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

containerd is an open source container runtime. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Containerd
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Capsule is a multi-tenancy and policy-based framework for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Authentication Bypass Kubernetes +1
NVD GitHub
EPSS 52% CVSS 9.8
CRITICAL POC THREAT Act Now

KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kubernetes Kubeview
NVD GitHub
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Docker Information Disclosure Kubernetes +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Flux is an open and extensible continuous delivery solution for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Denial Of Service Flux2 +6
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Istio
NVD GitHub
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Kubernetes +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Talos Linux is a Linux distribution built for Kubernetes deployments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Kubernetes Talos Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Helm +2
NVD GitHub
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy