Kubernetes — открытое программное обеспечение для оркестровки контейнеризированных приложений — автоматизации их развёртывания, масштабирования и координации в условиях кластера.
Релизный цикл, информация об уязвимостях
График релизов
Количество 326
GHSA-xc8m-28vv-4pjc
Kubelet vulnerable to bypass of seccomp profile enforcement
CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass ...
CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
CVE-2023-2431
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
CVE-2023-2728
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.
BDU:2023-03899
Уязвимость утилиты kubelet программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю настроить определенные модули на работу в "неорганиченном режиме"
GHSA-vv2r-w4hf-7mhr
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
CVE-2021-25749
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-xc8m-28vv-4pjc Kubelet vulnerable to bypass of seccomp profile enforcement | CVSS3: 4.4 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-2431 A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | CVSS3: 3.4 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2431 A security issue was discovered in Kubelet that allows pods to bypass ... | CVSS3: 3.4 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-2431 A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | CVSS3: 3.4 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-2431 A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. | CVSS3: 3.4 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2727 Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-2728 Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. | CVSS3: 6.5 | 5% Низкий | больше 2 лет назад |
 | BDU:2023-03899 Уязвимость утилиты kubelet программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю настроить определенные модули на работу в "неорганиченном режиме" | CVSS3: 3.4 | 0% Низкий | больше 2 лет назад |
| GHSA-vv2r-w4hf-7mhr Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | CVSS3: 7.8 | 0% Низкий | больше 2 лет назад |
| CVE-2021-25749 Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | CVSS3: 7.8 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу