Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Kubernetes — Vulnerabilities & Security Advisories 102

Browse all 102 CVE security advisories affecting Kubernetes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Kubernetes serves as an open-source container orchestration platform, automating the deployment, scaling, and management of containerized applications across distributed clusters. Its complex architecture, involving numerous interacting components like the API server and kubelet, historically exposes it to diverse vulnerability classes. Common issues include remote code execution (RCE) via unauthenticated API endpoints, privilege escalation through misconfigured role-based access controls, and cross-site scripting (XSS) in the web dashboard. With over 100 recorded CVEs, the platform has faced significant security challenges, including incidents where attackers exploited weak authentication mechanisms to gain cluster-wide control. These vulnerabilities often stem from default configurations or delayed patching of underlying dependencies. Consequently, securing Kubernetes requires rigorous network segmentation, strict identity management, and continuous monitoring to mitigate risks associated with its intricate service mesh and dynamic workload scheduling capabilities.

Top products by Kubernetes: Kubernetes ingress-nginx kubelet Kubernetes ingress-nginx Minikube Image Builder Kubernetes Secrets Store CSI Driver Kubernetes Java Client kube-apiserver CSI Driver for NFS Kubernetes CSharp Client secrets-store-sync-controller azure-file-csi-driver csi-proxy kops secrets-store-csi-driver aws-iam-authenticator CSI Snapshotter kubernetes-csi external-provisioner k8s.gcr.io/defaultbackend
CVE IDTitleCVSSSeverityPublished
CVE-2023-5528 Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation — kubeletCWE-20 7.2 High2023-11-14
CVE-2022-3172 Kubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF) — kube-apiserverCWE-918 5.1 Medium2023-11-03
CVE-2023-3893 Kubernetes - csi-proxy - Insufficient input sanitization leads to privilege escalation — csi-proxyCWE-20 8.8 High2023-11-03
CVE-2023-3955 Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation — kubeletCWE-20 8.8 High2023-10-31
CVE-2023-3676 Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation — kubeletCWE-20 8.8 High2023-10-31
CVE-2021-25736 Windows kube-proxy LoadBalancer contention — Kubernetes 5.8 Medium2023-10-30
CVE-2023-5044 Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation — ingress-nginxCWE-20 7.6 High2023-10-25
CVE-2023-5043 Ingress nginx annotation injection causes arbitrary command execution — ingress-nginxCWE-20 7.6 High2023-10-25
CVE-2022-4886 Ingress-nginx `path` sanitization can be bypassed with `log_format` directive — ingress-nginxCWE-20 8.8 High2023-10-25
CVE-2023-1943 Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode — kopsCWE-250 8.0 High2023-10-11
CVE-2023-2728 Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin — KubernetesCWE-20 6.5 Medium2023-07-03
CVE-2023-2727 Bypassing policies imposed by the ImagePolicyWebhook admission plugin — KubernetesCWE-20 6.5 Medium2023-07-03
CVE-2023-2431 Bypass of seccomp profile enforcement — KubernetesCWE-1287 3.4 Low2023-06-16
CVE-2023-2878 Kubernetes secrets-store-csi-driver discloses service account tokens in logs — secrets-store-csi-driverCWE-532 6.5 Medium2023-06-07
CVE-2023-1944 [minikube] ssh server with default password — minikubeCWE-259 8.4 High2023-05-24
CVE-2023-1174 [minikube] Network Port exposure in minikube running on macOS using Docker driver — minikubeCWE-266 9.8 Critical2023-05-24
CVE-2021-25749 runAsNonRoot logic bypass for Windows containers — KubernetesCWE-284 7.8 High2023-05-24
CVE-2021-25748 Ingress-nginx `path` sanitization can be bypassed with newline character — Kubernetes ingress-nginxCWE-20 7.6 High2023-05-24
CVE-2022-3162 Unauthorized read of Custom Resources — KubernetesCWE-23 6.5 Medium2023-03-01
CVE-2022-3294 Node address isn't always verified when proxying — KubernetesCWE-20 6.6 Medium2023-03-01
CVE-2022-2385 AccessKeyID validation bypass — aws-iam-authenticatorCWE-20 8.1 High2022-07-12
CVE-2021-25746 Ingress-nginx directive injection via annotations — Kubernetes ingress-nginxCWE-20 7.6 High2022-05-06
CVE-2021-25745 Ingress-nginx path can be pointed to service account token file — Kubernetes ingress-nginxCWE-20 7.6 High2022-05-06
CVE-2020-8562 Bypass of Kubernetes API Server proxy TOCTOU — KubernetesCWE-367 2.2 Low2022-02-01
CVE-2021-25743 ANSI escape characters in kubectl output are not being filtered — KubernetesCWE-150 3.0 Low2022-01-07
CVE-2021-25742 Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces — Kubernetes ingress-nginxCWE-20 7.6 High2021-10-29
CVE-2021-25738 Code exec via yaml parsing — Kubernetes Java ClientCWE-20 6.7 Medium2021-10-11
CVE-2021-25741 Symlink Exchange Can Allow Host Filesystem Access — KubernetesCWE-20 8.8 High2021-09-20
CVE-2021-25740 Holes in EndpointSlice Validation Enable Host Network Hijack — KubernetesCWE-441 3.1 Low2021-09-20
CVE-2020-8561 Webhook redirect in kube-apiserver — KubernetesCWE-441 4.1 Medium2021-09-20

This page lists every published CVE security advisory associated with Kubernetes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.