Kubernetes — открытое программное обеспечение для оркестровки контейнеризированных приложений — автоматизации их развёртывания, масштабирования и координации в условиях кластера.
Релизный цикл, информация об уязвимостях
График релизов
Количество 326
GHSA-qc2g-gmh6-95p4
kube-apiserver vulnerable to policy bypass
GHSA-cgcv-5272-97pr
Kubernetes mountable secrets policy bypass
CVE-2023-2728
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.
CVE-2023-2728
Users may be able to launch containers that bypass the mountable secre ...
CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
CVE-2023-2727
Users may be able to launch containers using images that are restricte ...
CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
CVE-2023-2728
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.
SUSE-SU-2023:2691-1
Security update for kubernetes1.23
BDU:2023-03305
Уязвимость компонента GCP Provider инструмента автоматизированной системы обеспечения kOps программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю повысить свои привилегии
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-qc2g-gmh6-95p4 kube-apiserver vulnerable to policy bypass | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
| GHSA-cgcv-5272-97pr Kubernetes mountable secrets policy bypass | CVSS3: 6.5 | 4% Низкий | больше 2 лет назад |
 | CVE-2023-2728 Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. | CVSS3: 6.5 | 4% Низкий | больше 2 лет назад |
| CVE-2023-2728 Users may be able to launch containers that bypass the mountable secre ... | CVSS3: 6.5 | 4% Низкий | больше 2 лет назад |
| CVE-2023-2727 Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2727 Users may be able to launch containers using images that are restricte ... | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-2727 Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2728 Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. | CVSS3: 6.5 | 4% Низкий | больше 2 лет назад |
 | SUSE-SU-2023:2691-1 Security update for kubernetes1.23 | 0% Низкий | больше 2 лет назад | |
 | BDU:2023-03305 Уязвимость компонента GCP Provider инструмента автоматизированной системы обеспечения kOps программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю повысить свои привилегии | CVSS3: 8 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу