Kubernetes — открытое программное обеспечение для оркестровки контейнеризированных приложений — автоматизации их развёртывания, масштабирования и координации в условиях кластера.
Релизный цикл, информация об уязвимостях
График релизов
Количество 326
CVE-2021-25749
Windows workloads can run as ContainerAdministrator even when those wo ...
GHSA-v5hq-cqqr-6w4g
Jenkins Kubernetes Plugin does not properly mask credentials
CVE-2023-30513
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
CVE-2023-30513
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
GHSA-jh36-q97c-9928
Kubernetes vulnerable to validation bypass
GHSA-2394-5535-8j88
Kubernetes vulnerable to path traversal
CVE-2022-3294
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.
CVE-2022-3294
Users may have access to secure endpoints in the control plane network ...
CVE-2022-3162
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.
CVE-2022-3162
Users authorized to list or watch one type of namespaced custom resour ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2021-25749 Windows workloads can run as ContainerAdministrator even when those wo ... | CVSS3: 7.8 | 0% Низкий | больше 2 лет назад |
| GHSA-v5hq-cqqr-6w4g Jenkins Kubernetes Plugin does not properly mask credentials | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-30513 Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-30513 Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| GHSA-jh36-q97c-9928 Kubernetes vulnerable to validation bypass | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад |
| GHSA-2394-5535-8j88 Kubernetes vulnerable to path traversal | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
| CVE-2022-3294 Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network. | CVSS3: 6.6 | 0% Низкий | больше 2 лет назад |
| CVE-2022-3294 Users may have access to secure endpoints in the control plane network ... | CVSS3: 6.6 | 0% Низкий | больше 2 лет назад |
| CVE-2022-3162 Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group. | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
| CVE-2022-3162 Users authorized to list or watch one type of namespaced custom resour ... | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
Уязвимостей на страницу