
kubernetes — Vulnerabilities & Security Advisories (102)

Browse all 102 CVE security advisories affecting kubernetes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications across distributed clusters. Its architecture spans many interacting components (the API server, kube-controller-manager, kubelet, kubectl, client libraries, CSI drivers, ingress controllers), and the advisories listed below reflect that surface rather than a single weak point. Recurring classes in this list are: resource exhaustion and denial of service in the API server and kubelet, often from crafted JSON or YAML payloads (CVE-2019-11253, CVE-2019-11254, CVE-2020-8552, CVE-2020-8551); credentials and bearer tokens written to logs at elevated verbosity (CVE-2019-11250 and the CWE-532 entries CVE-2020-8563 through CVE-2020-8566, several of which only trigger at log level 4 or higher); symlink directory traversal in kubectl cp, reported three times as successive fixes proved incomplete (CVE-2019-11246, CVE-2019-11249, CVE-2019-11251); path traversal in the Java client and the Secrets Store CSI driver (CVE-2020-8570, CVE-2020-8567, CVE-2020-8568); unvalidated redirects that let a compromised node or kubelet endpoint reach toward cluster-level access (CVE-2018-1002102, CVE-2020-8559); SSRF in kube-controller-manager (CVE-2020-8555); authorization and validation gaps such as custom resources reachable at the wrong scope (CVE-2019-11247), admission webhooks not seeing earlier field values (CVE-2021-25735), and EndpointSlice validation holes (CVE-2021-25737); and man-in-the-middle positioning through LoadBalancer or ExternalIPs (CVE-2020-8554). Many entries affect an add-on component or a specific configuration rather than every cluster, so triage should start from which components, versions, and log levels are actually deployed. Mitigation then rests on keeping control-plane and node components patched, segmenting node-to-control-plane and pod network traffic, enforcing strict RBAC and identity management, running components at default log verbosity, and monitoring API server and kubelet access.
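The three entries in the list below titled "kubectl cp allows symlink directory traversal" (CVE-2019-11246, CVE-2019-11249, CVE-2019-11251) belong to the CWE-61 class in which an archive extractor writes through a symlink that the archive itself declared, so a member name that looks like it stays under the destination actually lands outside it. The Go program that follows is an added illustration of that bug class and of the check that closes it; it is not kubectl's code, does not reproduce any listed CVE, and its archives, paths and the planExtraction / resolveThroughLinks functions are constructed for this example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path"
	"strings"
)

var ErrTraversal = errors.New("tar member escapes extraction root") // direct or via symlink

// buildArchive serialises constructed headers (bodies from contents) into an in-memory tar.
func buildArchive(contents map[string]string, hdrs ...tar.Header) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, h := range hdrs {
		body := contents[h.Name]
		h.Size, h.Mode = int64(len(body)), 0o644
		if err := tw.WriteHeader(&h); err != nil {
			panic(err)
		}
		tw.Write([]byte(body)) // zero bytes for symlinks and directories
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// resolveThroughLinks rewrites p through every symlink declared so far and returns the
// root-relative path a write to p really reaches, or ErrTraversal if it leaves the root.
func resolveThroughLinks(p string, links map[string]string) (string, error) {
	cur := path.Clean(p)
	for hop := 0; hop < 40; hop++ { // bounded, so a link cycle cannot spin forever
		if path.IsAbs(cur) || cur == ".." || strings.HasPrefix(cur, "../") {
			return "", ErrTraversal
		}
		parts, replaced := strings.Split(cur, "/"), false
		for i := 1; i <= len(parts) && !replaced; i++ {
			if target, ok := links[strings.Join(parts[:i], "/")]; ok {
				cur = path.Clean(path.Join(target, strings.Join(parts[i:], "/")))
				replaced = true
			}
		}
		if !replaced {
			return cur, nil
		}
	}
	return "", errors.New("symlink chain too long")
}

// planExtraction checks every member before anything would be written and returns each
// member's real root-relative landing path. trackLinks=false only cleans names (this stops
// "../x" but not a write through a link); trackLinks=true also follows archive symlinks.
func planExtraction(archive []byte, trackLinks bool) (map[string]string, error) {
	links, plan := map[string]string{}, map[string]string{}
	tr := tar.NewReader(bytes.NewReader(archive))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return plan, nil
		} else if err != nil {
			return nil, err
		}
		name := path.Clean(hdr.Name)
		landing, err := resolveThroughLinks(name, links)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", hdr.Name, err)
		}
		if trackLinks && hdr.Typeflag == tar.TypeSymlink {
			target := hdr.Linkname
			if !path.IsAbs(target) {
				target = path.Join(path.Dir(name), target)
			}
			// Resolve the target too, so a chain of in-root links ending outside is rejected here.
			if target, err = resolveThroughLinks(target, links); err != nil {
				return nil, fmt.Errorf("%s -> %s: %w", hdr.Name, hdr.Linkname, err)
			}
			links[name] = target
		}
		plan[hdr.Name] = landing
	}
}

// Constructed samples with made-up paths; not real kubectl cp output.
var (
	maliciousArchive = buildArchive(map[string]string{"link/passwd": "root::0:0::/:/bin/sh\n"},
		tar.Header{Name: "link", Typeflag: tar.TypeSymlink, Linkname: "../../etc"},
		tar.Header{Name: "link/passwd", Typeflag: tar.TypeReg})
	benignArchive = buildArchive(map[string]string{"current/app.bin": "binary"},
		tar.Header{Name: "current", Typeflag: tar.TypeSymlink, Linkname: "releases/v2"},
		tar.Header{Name: "current/app.bin", Typeflag: tar.TypeReg})
)

func main() { // naive mode accepts the write through "link"; hardened mode rejects the link
	fmt.Println(planExtraction(maliciousArchive, false))
	fmt.Println(planExtraction(maliciousArchive, true))
}
```

With trackLinks=false the planner accepts "link/passwd" because the cleaned name appears to sit under the root; with trackLinks=true the symlink "link -> ../../etc" is rejected the moment it is declared, and the benign "current -> releases/v2" link is followed so that "current/app.bin" is reported as landing at "releases/v2/app.bin". The planner only models symlinks that the archive itself declares; a symlink that already exists at the destination (or is created by a concurrent process) is not visible to it and needs a filesystem-level check, such as an Lstat of each path component before the write.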

CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2021-25737 | Holes in EndpointSlice Validation Enable Host Network Hijack | Kubernetes | CWE-184 | 2.7 | Low | 2021-09-06
CVE-2021-25735 | Validating Admission Webhook does not observe some previous fields | Kubernetes | CWE-372 | 6.5 | Medium | 2021-09-06
CVE-2020-8569 | Kubernetes CSI snapshot-controller DoS | CSI Snapshotter | CWE-476 | 4.3 | Medium | 2021-01-21
CVE-2020-8570 | Kubernetes Java client libraries unvalidated path traversal in Copy implementation | Kubernetes Java Client | CWE-23 | 7.5 | - | 2021-01-21
CVE-2020-8554 | Kubernetes man in the middle using LoadBalancer or ExternalIPs | Kubernetes | CWE-283 | 6.3 | Medium | 2021-01-21
CVE-2020-8567 | Kubernetes Secrets Store CSI Driver plugin directory traversals | Kubernetes Secrets Store CSI Driver | CWE-24 | 4.9 | Medium | 2021-01-21
CVE-2020-8568 | Kubernetes Secrets Store CSI Driver sync/rotate directory traversal | Kubernetes Secrets Store CSI Driver | CWE-24 | 5.8 | Medium | 2021-01-21
CVE-2020-8563 | Secret leaks in logs for vSphere Provider kube-controller-manager | Kubernetes | CWE-532 | 4.7 | Medium | 2020-12-07
CVE-2020-8564 | Docker config secrets leaked when file is malformed and loglevel >= 4 | Kubernetes | CWE-532 | 4.7 | Medium | 2020-12-07
CVE-2020-8565 | Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 | Kubernetes | CWE-532 | 4.7 | Medium | 2020-12-07
CVE-2020-8566 | Ceph RBD adminSecrets exposed in logs when loglevel >= 4 | Kubernetes | CWE-532 | 4.7 | Medium | 2020-12-07
CVE-2020-8553 | Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names | ingress-nginx | CWE-73 | 5.9 | Medium | 2020-07-29
CVE-2020-8558 | Kubernetes node setting allows for neighboring hosts to bypass localhost boundary | Kubernetes | CWE-420 | 5.4 | Medium | 2020-07-27
CVE-2020-8557 | Kubernetes node disk Denial of Service by writing to container /etc/hosts | Kubernetes | CWE-400 | 5.5 | Medium | 2020-07-23
CVE-2019-11252 | Credential leakage when failing to mount | Kubernetes | CWE-209 | 5.9 | Medium | 2020-07-23
CVE-2020-8559 | Privilege escalation from compromised node to cluster | Kubernetes | CWE-601 | 6.4 | Medium | 2020-07-22
CVE-2020-8555 | Kubernetes kube-controller-manager SSRF | Kubernetes | CWE-918 | 6.3 | Medium | 2020-06-04
CVE-2019-11254 | Kubernetes API Server denial of service vulnerability from malicious YAML payloads | Kubernetes | CWE-1050 | 6.5 | Medium | 2020-04-01
CVE-2020-8552 | Kubernetes API server denial of service | Kubernetes | CWE-789 | 5.3 | Medium | 2020-03-27
CVE-2020-8551 | Kubernetes kubelet denial of service | Kubernetes | CWE-789 | 4.3 | Medium | 2020-03-27
CVE-2019-11251 | kubectl cp allows symlink directory traversal | Kubernetes | CWE-61 | 4.8 | Medium | 2020-02-03
CVE-2018-1002104 | Kubernetes input validation error vulnerability | k8s.gcr.io/defaultbackend | CWE-215 | 5.3 | Medium | 2020-01-14
CVE-2019-11255 | Kubernetes CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation | kubernetes-csi external-provisioner | CWE-20 | 4.8 | Medium | 2019-12-05
CVE-2018-1002102 | Kubernetes API server follows unvalidated redirects from streaming Kubelet endpoints | Kubernetes | CWE-601 | 2.6 | Low | 2019-12-05
CVE-2019-11253 | Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack | Kubernetes | CWE-20 | 7.5 | High | 2019-10-17
CVE-2019-11250 | Kubernetes client-go logs authorization headers at debug verbosity levels | Kubernetes | CWE-532 | 6.5 | - | 2019-08-29
CVE-2019-11249 | kubectl cp allows symlink directory traversal | Kubernetes | CWE-61 | 5.7 | - | 2019-08-29
CVE-2019-11248 | Kubernetes kubelet exposes /debug/pprof info on healthz port | Kubernetes | CWE-419 | 5.4 | - | 2019-08-29
CVE-2019-11247 | Kubernetes kube-apiserver allows access to custom resources via wrong scope | Kubernetes | CWE-20 | 8.3 | - | 2019-08-29
CVE-2019-11246 | kubectl cp allows symlink directory traversal | Kubernetes | CWE-61 | 5.7 | - | 2019-08-29

This page lists every published CVE security advisory associated with kubernetes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.