> A security issue was discovered in azure-file-csi-driver where an actor > with access to the driver logs could observe service account tokens. These > tokens could then

, A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes

Details A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation on an Ingress object (in the `networking.

Details A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use directives to bypass the sanitization of the `spec.rules[]

Details A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/permanent-redirect annotation on an Ingress object (in the `networking.k8s

, A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those

, A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are

, A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are

Details A security issue was reported in kOps with the GCP Provider running in Gossip Mode , where Node service account credentials could be used by a container running in the cluster

, A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin

, A security issue was discovered in Kubernetes where users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers

, A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. This issue has been rated LOW (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I

, A security issue was discovered in secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially

address two security issues in minikube. We recommend all to upgrade minikube to the latest version and delete any Kubernetes clusters created with an affected version. Minikube

, A security issue was discovered in Kubernetes where users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted

, A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different

, A security issue was discovered in Kubernetes that could allow Windows workloads to run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true

, A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. This issue has been rated

Details A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.

Details A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use `.metadata.annotations` in an Ingress object (in the `networking

Details A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the `spec.rules[].http.paths[].path` field of an Ingress

has affected you, update your configuration, and take further action as appropriate for your situation. Thank You, Tabitha Sable, on behalf of the Kubernetes Security Response Committee

, please update the Elasticsearch StatefulSet to the latest version. See es-statefulset.yaml for an example. Thank You, CJ Cullen on behalf of the Kubernetes Security Response Committee

, A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. This

, A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able

, A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including

, A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.

*A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in

, A security issue was discovered in the Windows version of kube-proxy where a process on a Node may be able to accept traffic intended for a LoadBalancer Service. Clusters without Windows

kubernetes-security-discuss < kubernetes-security-discuss@googlegroups.com> Date: Mon, Jan 11, 2021 at 3:15 PM Subject: [Security Advisory] CVE-2020-8570: Path Traversal