k8s.io/kubernetes vulnerabilities
50 known vulnerabilities affecting k8s.io/kubernetes.
Total CVEs: 50
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 10, MEDIUM 27, LOW 5, UNKNOWN 7
Vulnerabilities
Page 3 of 3
CVE-2020-8562 | MEDIUM | CVSS 6.3 | ≥ 1.21.0, ≤ 1.21.1; ≥ 1.20.0, ≤ 1.20.7; +2 more | 2022-02-02
CVE-2020-8562 [MEDIUM] CWE-367 Potential proxy IP restriction bypass in Kubernetes
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not i
ghsa, osv

CVE-2021-25743 | LOW | ≥ 0, < 1.26.0-alpha.3 | 2022-01-08
CVE-2021-25743 [LOW] CWE-150 kubectl ANSI escape characters not filtered
kubectl (k8s.io/kubernetes/pkg/kubectl) does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
ghsa, osv

CVE-2021-25741 | HIGH | ≥ 0, < 1.19.15; ≥ 1.20.0, < 1.20.11; +2 more | 2021-11-01
CVE-2021-25741 [HIGH] CWE-20 Files or Directories Accessible to External Parties in kubernetes
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
ghsa, osv

CVE-2020-8561 | MEDIUM | ≥ 0, ≤ 1.22.2 | 2021-09-21
CVE-2020-8561 [MEDIUM] CWE-441 Confused Deputy in Kubernetes
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
ghsa, osv

CVE-2021-25740 | LOW | ≥ 0, ≤ 1.22.2 | 2021-09-21
CVE-2021-25740 [LOW] CWE-441 Confused Deputy in Kubernetes
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
ghsa, osv

CVE-2021-25737 | MEDIUM | ≥ 1.16.0, < 1.18.19; ≥ 1.19.0, < 1.19.11; +2 more | 2021-09-07
CVE-2021-25737 [MEDIUM] CWE-184 Incomplete List of Disallowed Inputs in Kubernetes
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
ghsa, osv

CVE-2021-25735 | MEDIUM | ≥ 1.20.0, < 1.20.6; ≥ 1.19.0, < 1.19.10; +1 more | 2021-05-28
CVE-2021-25735 [MEDIUM] CWE-284 Access Restriction Bypass in kube-apiserver
A vulnerability in Kubernetes `kube-apiserver` could allow node updates to bypass a _Validating Admission Webhook_ and allow unauthorized node updates. The information that is provided to the admission controller could contain old configurations that overwrite values used for validation. Since the overwriting takes place before the validation, this could lead the admission con
ghsa, osv

CVE-2019-11253 | HIGH | PoC | ≥ 1.0.0, < 1.13.12; ≥ 1.14.0, < 1.14.8; +2 more | 2021-05-18
CVE-2019-11253 [HIGH] CWE-20 XML Entity Expansion and Improper Input Validation in Kubernetes API server
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to
ghsa, osv

CVE-2019-11251 | MEDIUM | ≥ 1.13.10, < 1.13.11; ≥ 1.14.6, < 1.14.7; +1 more | 2021-05-18
CVE-2019-11251 [MEDIUM] CWE-59 Kubernetes kubectl cp Vulnerable to Symlink Attack
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink,
ghsa, osv

CVE-2017-1000056 | CRITICAL | ≥ 1.5.0, < 1.5.5 | 2021-05-12
CVE-2017-1000056 [CRITICAL] CWE-862 Kubernetes Privilege Escalation
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
ghsa, osv