Kubernetes Vulnerabilities
102 results

CVE-2023-2727 | MEDIUM | Bypassing policies imposed by the ImagePolicyWebhook admission plugin | EPSS 1.1%
CVE-2021-25745 | HIGH | Ingress-nginx path can be pointed to service account token file | EPSS 1.1%
CVE-2020-8562 | LOW | Bypass of Kubernetes API Server proxy TOCTOU | EPSS 1.1%
CVE-2017-1002102 | HIGH | In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projec | EPSS 1.0%
CVE-2021-25736 | MEDIUM | Windows kube-proxy LoadBalancer contention | EPSS 0.9%
CVE-2020-8553 | MEDIUM | Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names | EPSS 0.9%
CVE-2022-2385 | HIGH | AccessKeyID validation bypass | EPSS 0.8%
CVE-2021-25743 | LOW | ANSI escape characters in kubectl output are not being filtered | EPSS 0.8%
CVE-2023-1174 | CRITICAL | [minikube] Network Port exposure in minikube running on macOS using Docker driver | EPSS 0.8%
CVE-2018-1002103 | HIGH | In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where | EPSS 0.7%
CVE-2021-25748 | HIGH | Ingress-nginx `path` sanitization can be bypassed with newline character | EPSS 0.7%
CVE-2025-4563 | LOW | Nodes can bypass dynamic resource allocation authorization checks | EPSS 0.7%
CVE-2018-1002102 | LOW | Kubernetes API server follows unvalidated redirects from streaming Kubelet endpoints | EPSS 0.6%
CVE-2019-11245 | MEDIUM | kubelet-started container uid changes to root after first restart or if image is already pulled to the node | EPSS 0.6%
CVE-2023-1943 | HIGH | Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode | EPSS 0.6%
CVE-2026-3864 | MEDIUM | CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server | EPSS 0.5%
CVE-2020-8566 | MEDIUM | Ceph RBD adminSecrets exposed in logs when loglevel >= 4 | EPSS 0.5%
CVE-2025-1767 | MEDIUM | This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same | EPSS 0.5%
CVE-2020-8565 | MEDIUM | Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 | EPSS 0.5%
CVE-2020-8563 | MEDIUM | Secret leaks in logs for vSphere Provider kube-controller-manager | EPSS 0.5%