Kubernetes — открытое программное обеспечение для оркестровки контейнеризированных приложений — автоматизации их развёртывания, масштабирования и координации в условиях кластера.
Релизный цикл, информация об уязвимостях
График релизов
Количество 326
CVE-2018-1000187
A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.
CVE-2018-1002100
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
CVE-2018-1002100
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to versio ...
CVE-2018-1002100
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
CVE-2018-1002100
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
CVE-2017-1002102
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
CVE-2017-1002102
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to version ...
CVE-2017-1002101
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.
CVE-2017-1002101
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to version ...
CVE-2017-1002101
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2018-1000187 A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. | CVSS3: 3.1 | 0% Низкий | больше 7 лет назад |
 | CVE-2018-1002100 In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | CVSS3: 4.2 | 1% Низкий | больше 7 лет назад |
| CVE-2018-1002100 In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to versio ... | CVSS3: 4.2 | 1% Низкий | больше 7 лет назад |
 | CVE-2018-1002100 In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | CVSS3: 4.2 | 1% Низкий | больше 7 лет назад |
| CVE-2018-1002100 In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | CVSS3: 6.1 | 1% Низкий | больше 7 лет назад |
| CVE-2017-1002102 In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running. | CVSS3: 7.1 | 0% Низкий | больше 7 лет назад |
| CVE-2017-1002102 In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to version ... | CVSS3: 7.1 | 0% Низкий | больше 7 лет назад |
| CVE-2017-1002101 In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. | CVSS3: 8.8 | 32% Средний | больше 7 лет назад |
| CVE-2017-1002101 In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to version ... | CVSS3: 8.8 | 32% Средний | больше 7 лет назад |
| CVE-2017-1002101 In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. | CVSS3: 8.8 | 32% Средний | больше 7 лет назад |
Уязвимостей на страницу