Kubernetes vendor vulnerability list / CVE analysis in Chinese (102)

102 CVEs related to the vendor kubernetes, with AI-generated Chinese analysis, POC, CVSS scores and affected products.

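Kubernetes is an open-source platform for automating the deployment, scaling and management of containerized applications. Its historical vulnerabilities mostly involve privilege escalation, remote code execution and unauthorized access to the API server, often caused by misconfiguration or component defects. The current tally of 102 CVEs highlights the attack surface of its complex architecture. The project continues to strengthen its RBAC mechanisms and network policies, but supply-chain security and cluster configuration compliance remain key operational concerns, and patches must be applied regularly to guard against known risks.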

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-3864 | CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server | CSI Driver for NFS | CWE-22 | 6.5 | Medium | 2026-03-20 |
| CVE-2026-4342 | ingress-nginx comment-based nginx configuration injection | ingress-nginx | CWE-20 | 8.8 | High | 2026-03-19 |
| CVE-2026-3288 | ingress-nginx rewrite-target nginx configuration injection | ingress-nginx | CWE-20 | 8.8 | High | 2026-03-09 |
| CVE-2025-15566 | ingress-nginx auth-proxy-set-headers nginx configuration injection | ingress-nginx | CWE-20 | 8.8 | High | 2026-02-06 |
| CVE-2026-24514 | ingress-nginx Admission Controller denial of service | ingress-nginx | CWE-770 | 6.5 | Medium | 2026-02-03 |
| CVE-2026-24513 | ingress-nginx auth-url protection bypass | ingress-nginx | CWE-754 | 3.1 | Low | 2026-02-03 |
| CVE-2026-24512 | ingress-nginx auth-method nginx configuration injection | ingress-nginx | CWE-20 | 8.8 | High | 2026-02-03 |
| CVE-2026-1580 | ingress-nginx auth-method nginx configuration injection | ingress-nginx | CWE-20 | 8.8 | High | 2026-02-03 |
| CVE-2025-13281 | Portworx Half-Blind SSRF in kube-controller-manager | Kubernetes | CWE-918 | 5.8 | Medium | 2025-12-14 |
| CVE-2025-9708 | Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks | Kubernetes CSharp Client | CWE-295 | 6.8 | Medium | 2025-09-16 |
| CVE-2025-7445 | Kubernetes secrets-store-sync-controller discloses service account tokens in logs | secrets-store-sync-controller | CWE-532 | 6.5 | Medium | 2025-09-05 |
| CVE-2025-5187 | Nodes can delete themselves by adding an OwnerReference | Kubernetes | CWE-863 | 6.7 | Medium | 2025-08-27 |
| CVE-2025-7342 | VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override | Image Builder | CWE-798 | 7.5 | High | 2025-08-17 |
| CVE-2025-4563 | Nodes can bypass dynamic resource allocation authorization checks | Kubernetes | CWE-20 | 2.7 | Low | 2025-06-23 |
| CVE-2025-24514 | ingress-nginx controller - configuration injection via unsanitized auth-url annotation | ingress-nginx | CWE-20 | 8.8 | High | 2025-03-24 |
| CVE-2025-24513 | ingress-nginx controller - auth secret file path traversal vulnerability | ingress-nginx | CWE-20 | 4.8 | Medium | 2025-03-24 |
| CVE-2025-1098 | ingress-nginx controller - configuration injection via unsanitized mirror annotations | ingress-nginx | CWE-20 | 8.8 | High | 2025-03-24 |
| CVE-2025-1097 | ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation | ingress-nginx | CWE-20 | 8.8 | High | 2025-03-24 |
| CVE-2025-1974 | ingress-nginx admission controller RCE escalation | ingress-nginx | CWE-653 | 9.8 | Critical | 2025-03-24 |
| CVE-2024-7598 | Network restriction bypass via race condition during namespace termination | kube-apiserver | CWE-362 | 3.1 | Low | 2025-03-20 |
| CVE-2025-1767 | Kubernetes security vulnerability | Kubelet | CWE-20 | 6.5 | Medium | 2025-03-13 |
| CVE-2024-9042 | Kubernetes security vulnerability | Kubelet | CWE-20 | 5.9 | Medium | 2025-03-13 |
| CVE-2025-0426 | Kubernetes security vulnerability | kubelet | CWE-400 | 6.2 | Medium | 2025-02-13 |
| CVE-2024-10220 | Arbitrary command execution through gitRepo volume | kubelet | CWE-22 | 8.1 | High | 2024-11-22 |
| CVE-2024-9594 | VM images built with Image Builder with some providers use default credentials during builds | Image Builder | CWE-798 | 6.3 | Medium | 2024-10-15 |
| CVE-2024-9486 | VM images built with Image Builder and Proxmox provider use default credentials | Image Builder | CWE-798 | 9.8 | Critical | 2024-10-15 |
| CVE-2024-7646 | Ingress NGINX Controller security vulnerability | ingress-nginx | CWE-20 | 8.8 | High | 2024-08-16 |
| CVE-2024-5321 | Incorrect permissions on Windows containers logs | Kubernetes | CWE-276 | 6.1 | Medium | 2024-07-18 |
| CVE-2024-3744 | Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs | azure-file-csi-driver | CWE-532 | 6.5 | Medium | 2024-05-15 |
| CVE-2024-3177 | Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin | Kubernetes | CWE-20 | 2.7 | Low | 2024-04-22 |

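This page lists all 102 CVEs published to date for the vendor kubernetes. Each entry includes the CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated Chinese analysis for quick risk assessment.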