Kubernetes is open-source software for orchestrating containerized applications: automating their deployment, scaling and coordination within a cluster.
Release cycle, vulnerability information
Release schedule
Count: 318

ID | Description | CVSS | EPSS | Published
---|---|---|---|---
CVE-2021-25736 | Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected. | CVSS3: 5.8 | 0% Low | more than 1 year ago
CVE-2023-3955 | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | CVSS3: 8.8 | 1% Low | almost 2 years ago
CVE-2023-3676 | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | CVSS3: 8.8 | 33% Medium | almost 2 years ago
BDU:2023-04983 | Vulnerability in the pod module of the Kubernetes virtual machine cluster management software that allows an attacker to escalate their privileges | CVSS3: 8.8 | 1% Low | almost 2 years ago
BDU:2023-04982 | Vulnerability in the pod module of the Kubernetes virtual machine cluster management software that allows an attacker to escalate their privileges | CVSS3: 8.8 | 33% Medium | almost 2 years ago
GHSA-qc2g-gmh6-95p4 | kube-apiserver vulnerable to policy bypass | CVSS3: 6.5 | 0% Low | almost 2 years ago
GHSA-cgcv-5272-97pr | Kubernetes mountable secrets policy bypass | CVSS3: 6.5 | 3% Low | almost 2 years ago
CVE-2023-2728 | Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. | CVSS3: 6.5 | 3% Low | almost 2 years ago
CVE-2023-2727 | Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | CVSS3: 6.5 | 0% Low | almost 2 years ago