Kubernetes is open-source software for orchestrating containerized applications: automating their deployment, scaling and coordination in a cluster.
Release cycle, vulnerability information
Release schedule
Count: 326
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2020-8561 A security issue was discovered in Kubernetes where actors that contro ... | CVSS3: 4.1 | 0% Low | about 4 years ago |
| CVE-2021-25740 A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | CVSS3: 3.1 | 1% Low | about 4 years ago |
| CVE-2020-8561 A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs. | CVSS3: 4.1 | 0% Low | about 4 years ago |
| CVE-2021-25741 A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. | CVSS3: 8.8 | 33% Medium | about 4 years ago |
| CVE-2021-25741 A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. | CVSS3: 8.8 | 33% Medium | about 4 years ago |
| CVE-2020-8561 A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs. | CVSS3: 4.1 | 0% Low | about 4 years ago |
| GHSA-mfv7-gq43-w965 Incomplete List of Disallowed Inputs in Kubernetes | CVSS3: 4.8 | 1% Low | about 4 years ago |
| CVE-2021-25737 A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. | CVSS3: 2.7 | 1% Low | about 4 years ago |
| CVE-2021-25737 A security issue was discovered in Kubernetes where a user may be able ... | CVSS3: 2.7 | 1% Low | about 4 years ago |
| CVE-2021-25735 A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields. | CVSS3: 6.5 | 22% Medium | about 4 years ago |