Kubernetes — открытое программное обеспечение для оркестровки контейнеризированных приложений — автоматизации их развёртывания, масштабирования и координации в условиях кластера.
Релизный цикл, информация об уязвимостях
График релизов
Количество 318
CVE-2021-25735
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.
BDU:2022-01684
Уязвимость компонента kube-apiserver программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to ...
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
CVE-2020-8566
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.
CVE-2020-8566
In Kubernetes clusters using Ceph RBD as a storage provisioner, with l ...
CVE-2020-8565
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.
CVE-2020-8565
In Kubernetes, if the logging level is set to at least 9, authorizatio ...
CVE-2020-8564
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2021-25735 A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields. | CVSS3: 6.5 | 18% Средний | около 4 лет назад |
 | BDU:2022-01684 Уязвимость компонента kube-apiserver программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании | CVSS3: 6.5 | 18% Средний | больше 4 лет назад |
 | CVE-2020-8554 Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. | CVSS3: 6.3 | 30% Средний | больше 4 лет назад |
| CVE-2020-8554 Kubernetes API server in all versions allow an attacker who is able to ... | CVSS3: 6.3 | 30% Средний | больше 4 лет назад |
 | CVE-2020-8554 Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. | CVSS3: 6.3 | 30% Средний | больше 4 лет назад |
| CVE-2020-8566 In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13. | CVSS3: 4.7 | 0% Низкий | больше 4 лет назад |
| CVE-2020-8566 In Kubernetes clusters using Ceph RBD as a storage provisioner, with l ... | CVSS3: 4.7 | 0% Низкий | больше 4 лет назад |
| CVE-2020-8565 In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. | CVSS3: 4.7 | 0% Низкий | больше 4 лет назад |
| CVE-2020-8565 In Kubernetes, if the logging level is set to at least 9, authorizatio ... | CVSS3: 4.7 | 0% Низкий | больше 4 лет назад |
| CVE-2020-8564 In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13. | CVSS3: 4.7 | 0% Низкий | больше 4 лет назад |
Уязвимостей на страницу