Debian Kubernetes vulnerabilities

68 known vulnerabilities affecting debian/kubernetes.

Total CVEs: 68
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 11, MEDIUM 26, LOW 29

Vulnerabilities

Page 4 of 4
CVE-2017-1002102 | HIGH | CVSS 7.1 | fixed in kubernetes 1.7.16+dfsg-1 (bookworm) | 2017
CVE-2017-1002102 [HIGH]: kubernetes - In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
Scope: local
bookworm: resolved (fixed in 1.7.16+dfsg-1); bullseye: resolved (fixed in 1.7.16+dfsg-1); for
debian
CVE-2017-1002101 | HIGH | CVSS 8.8 | fixed in kubernetes 1.7.16+dfsg-1 (bookworm) | 2017
CVE-2017-1002101 [HIGH]: kubernetes - In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.
Scope: local
bookworm: resolved (fixed in 1.7.16+dfsg-1); bu
debian
CVE-2017-1002100 | LOW | CVSS 6.5 | 2017
CVE-2017-1002100 [MEDIUM]: kubernetes - Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure por
debian
CVE-2016-7075 | HIGH | CVSS 7.5 | fixed in kubernetes 1.5.5+dfsg-1 (bookworm) | 2016
CVE-2016-7075 [HIGH]: kubernetes - It was found that Kubernetes as used by OpenShift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
Scope: local
bookworm: resolved (fixed in 1.5.5+dfsg-1); bullseye: resolved (fixed in 1.5.5+dfsg-1); fork
debian
CVE-2016-1905 | LOW | CVSS 7.7 | 2016
CVE-2016-1905 [HIGH]: kubernetes - The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2016-1906 | LOW | CVSS 9.8 | 2016
CVE-2016-1906 [CRITICAL]: kubernetes - OpenShift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2015-7528 | LOW | CVSS 5.3 | 2015
CVE-2015-7528 [MEDIUM]: kubernetes - Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2015-5305 | LOW | CVSS 6.4 | 2015
CVE-2015-5305 [MEDIUM]: kubernetes - Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian