Vulnerabilities in Kubernetes

102 results
| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2021-25740 | LOW | Holes in EndpointSlice Validation Enable Host Network Hijack | 1.8% |
| CVE-2021-25742 | HIGH | Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces | 1.8% |
| CVE-2019-11250 | MEDIUM | Kubernetes client-go logs authorization headers at debug verbosity levels | 1.8% |
| CVE-2019-11255 | MEDIUM | Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation | 1.7% |
| CVE-2024-9594 | MEDIUM | VM images built with Image Builder with some providers use default credentials during builds | 1.6% |
| CVE-2022-3294 | MEDIUM | Node address isn't always verified when proxying | 1.6% |
| CVE-2018-1002100 | MEDIUM | In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned f | 1.6% |
| CVE-2022-4886 | HIGH | Ingress-nginx `path` sanitization can be bypassed with `log_format` directive | 1.6% |
| CVE-2026-4342 | HIGH | ingress-nginx comment-based nginx configuration injection | 1.5% |
| CVE-2019-11243 | LOW | In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials r | 1.5% |
| CVE-2024-9042 | MEDIUM | This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions liste | 1.4% |
| CVE-2020-8567 | MEDIUM | Kubernetes Secrets Store CSI Driver plugin directory traversals | 1.4% |
| CVE-2021-25746 | HIGH | Ingress-nginx directive injection via annotations | 1.3% |
| CVE-2017-1002100 | | Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to | 1.3% |
| CVE-2020-8568 | MEDIUM | Kubernetes Secrets Store CSI Driver sync/rotate directory traversal | 1.3% |
| CVE-2021-25737 | LOW | Holes in EndpointSlice Validation Enable Host Network Hijack | 1.3% |
| CVE-2022-3162 | MEDIUM | Unauthorized read of Custom Resources | 1.2% |
| CVE-2020-8551 | MEDIUM | Kubernetes kubelet denial of service | 1.1% |
| CVE-2018-1002104 | MEDIUM | Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. | 1.1% |
| CVE-2019-11252 | MEDIUM | Credential leakage when failing to mount | 1.1% |