kubernetes-security-discuss
Public discussion forum for the Kubernetes Release Process.
Do NOT post security issues here. Follow the Kubernetes Security Disclosure process.
Rita Zhang (Sep 16)
[Security Advisory] CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks
Hello Kubernetes Community, A vulnerability exists in the Kubernetes C# client where the certificate

Monis Khan (Sep 4)
[Security Advisory] CVE-2025-7445: secrets-store-sync-controller discloses service account tokens in logs
Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an

Nathan Herz (Aug 13)
[Security Advisory] CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference
Hello Kubernetes Community, A vulnerability exists in the NodeRestriction admission controller where

Md Niaz Morshed (Aug 11)
Request to participate and Share the Survey with your Software Developers and Code Reviewers
Dear Sir, I hope this message finds you well. My name is Md Niaz Morshed, and I am leading a team

Rita Zhang (Jul 21)
[Security Advisory] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override
Hello Kubernetes Community, A security issue was discovered in Kubernetes where an unauthorized user

Workifi (Jun 28)
Responsible Disclosure
Dear Kubernetes Security Team, I hope this message finds you well. During a routine security review

Rita Zhang and Red Hat Product Security (5 messages, Jun 20)
[Security Advisory] CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks
Hello! INC3695208 ([Security Advisory] CVE-2025-4563: Nodes can bypass dynamic resource allocation

Red Hat Request Management (Jun 20)
INC3693719 is Resolved: [Security Advisory] Race Condition in Go allows Volume Deletion in older Kubernetes versions
Hello! [Security Advisory] Race Condition in Go allows Volume Deletion in older Kubernetes versions

Craig Ingram (Jun 17)
[Security Advisory] Race Condition in Go allows Volume Deletion in older Kubernetes versions
Hello Kubernetes Community, The Go team has released a fix in Go versions 1.21.11 and 1.22.4

Tabitha Sable (Mar 24)
[Security Advisory] Multiple vulnerabilities in ingress-nginx
Hello Kubernetes Community, Multiple issues have been discovered in ingress-nginx that can result in

Craig Ingram (Mar 20)
[Security Advisory] CVE-2024-7598: Network restriction bypass via race condition during namespace termination
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a malicious or

Vellore Rajakumar, Sri Saran Balaji and Red Hat Product Security (2 messages, Mar 17)
CVE-2025-1767 GitRepo Volume Inadvertent Local Repository Access
Hello! INC3559449 (CVE-2025-1767 GitRepo Volume Inadvertent Local Repository Access) has been

Yogesh Mittal (Mar 5)
Invitation to join OSS CNA Working group [Kubernetes]
## This email is intended for individuals who are points of contact for CNA coordination for your OSS

Craig Ingram (Feb 13)
[Security Advisory] CVE-2025-0426: Node Denial of Service via kubelet Checkpoint API
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a large number of

Vellore Rajakumar, Sri Saran Balaji and Red Hat Product Security (2 messages, Jan 16)
[Security Advisory] CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API
Hello! INC3346000 ([Security Advisory] CVE-2024-9042: Command Injection affecting Windows nodes via

Craig Ingram and Red Hat Product Security (2 messages, 11/21/24)
[Security Advisory] CVE-2024-10220: Arbitrary command execution through gitRepo volume
Hello! INC3249969 ([Security Advisory] CVE-2024-10220: Arbitrary command execution through gitRepo

Joel Smith (10/14/24)
[Security Advisory] CVE-2024-9486 and CVE-2024-9594: VM images built with Kubernetes Image Builder use default credentials
Hello Kubernetes Community, A security issue was discovered in Kubernetes where an unauthorized user

Craig Ingram and Red Hat Product Security (2 messages, 8/19/24)
[Ingress-nginx Security Advisory] CVE-2024-7646: Ingress-nginx Annotation Validation Bypass
Hello! INC3040138 ([Ingress-nginx Security Advisory] CVE-2024-7646: Ingress-nginx Annotation

Craig Ingram (7/17/24)
[Security Advisory] CVE-2024-5321: Incorrect permissions on Windows containers logs
Hello Kubernetes Community, A security issue was discovered in Kubernetes clusters with Windows nodes

Rita Zhang and Yuan Yan (3 messages, 5/14/24)
[Security Advisory] CVE-2024-3744: azure-file-csi-driver discloses service account tokens in logs
See the GitHub issue for more details: https://github.com/kubernetes/kubernetes/issues/124759 On Wed,

Rita Zhang (4/16/24)
[Security Advisory] CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to

kan yashuda (1/28/24)

Chris Doble (12/1/23)
Kubernetes Metric-Server CVEs
Hi, I hope this is the right forum to address this to, if not could you point me in the right

Craig Ingram and Darshil Desai (2 messages, 11/14/23)
[Security Advisory] CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
This is a no-op. Details here: https://jira.sc-corp.net/browse/VULN-17919 On Tue, Nov 14, 2023 at 9:

CJ Cullen and Darshil Desai (2 messages, 10/25/23)
[Ingress-nginx Security Advisory] CVE-2022-4886: Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

CJ Cullen and Darshil Desai (2 messages, 10/25/23)
[Ingress-nginx Security Advisory] CVE-2023-5043: Ingress nginx annotation injection causes arbitrary command execution
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

CJ Cullen and Darshil Desai (2 messages, 10/25/23)
[Ingress-nginx Security Advisory] CVE-2023-5044: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

Mehrad Mordi (10/14/23)

Nikhita Raghunath and Craig Ingram (2 messages, 10/10/23)
SECURITY_CONTACTS in k/k out of date
Hi Nikhita, Thanks for sharing, that's a great catch. I created a PR (https://github.com/

Rita Zhang (8/23/23)
[Security Advisory] CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can