kubernetes-security-discuss

1–30 of 110

Public discussion forum for the Kubernetes Release Process.

Do NOT post security issues here. Follow the Kubernetes Security Disclosure process.

0 selected

Aug 23

[Security Advisory] CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

unread,

[Security Advisory] CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

Aug 23

Aug 23

[Security Advisory] CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

unread,

[Security Advisory] CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

Aug 23

Aug 23

[Security Advisory] CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

unread,

[Security Advisory] CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

Aug 23

Aug 10

Re: How can we serve Open Source CNA's better?

Hello there I just thought to reach out and share that we are excited and looking forward to your

unread,

Re: How can we serve Open Source CNA's better?

Hello there I just thought to reach out and share that we are excited and looking forward to your

Aug 10

Jun 21

[kOps Security Advisory] CVE-2023-1943: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode

Issue Details A security issue was reported in kOps with the GCP Provider running in Gossip Mode,

unread,

[kOps Security Advisory] CVE-2023-1943: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode

Issue Details A security issue was reported in kOps with the GCP Provider running in Gossip Mode,

Jun 21

Vellore Rajakumar, Sri Saran Balaji, … Vellore Rajakumar, Sri Saran Balaji3

Jun 15

[Security Advisory] CVE-2023-2431: Bypass of seccomp profile enforcement

Thank you Sean for reporting this. CVE details are not yet published to CVE service, should be

unread,

[Security Advisory] CVE-2023-2431: Bypass of seccomp profile enforcement

Thank you Sean for reporting this. CVE details are not yet published to CVE service, should be

Jun 15

Rita Zhang, Red Hat Product Security2

Jun 15

[Security Advisory] CVE-2023-2727: Bypassing policies imposed by the ImagePolicyWebhook admission plugin

Hello! INC2647624 ([Security Advisory] CVE-2023-2727: Bypassing policies imposed by the

unread,

[Security Advisory] CVE-2023-2727: Bypassing policies imposed by the ImagePolicyWebhook admission plugin

Hello! INC2647624 ([Security Advisory] CVE-2023-2727: Bypassing policies imposed by the

Jun 15

Jun 15

[Security Advisory] CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to

unread,

[Security Advisory] CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to

Jun 15

Jun 5

[Security Issue] Warning the insecure usages of eBPF

Hello, I'm writing this thread to uncover the hazards of eBPF misuse to the Docker and Kuberentes

unread,

[Security Issue] Warning the insecure usages of eBPF

Hello, I'm writing this thread to uncover the hazards of eBPF misuse to the Docker and Kuberentes

Jun 5

May 25

[Security Advisory] CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs

Hello Kubernetes Community, A security issue was discovered in secrets-store-csi-driver where an

unread,

[Security Advisory] CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs

Hello Kubernetes Community, A security issue was discovered in secrets-store-csi-driver where an

May 25

Abdullah, Mohammad

May 17

Found 1 critical and 4 high vulnerabilities in kube-state-metrics:v2.8.2

Hi All, Find below the 4 high and 1 critical vulnerability found in kube-state-metrics:v2.8.2 image.

unread,

Found 1 critical and 4 high vulnerabilities in kube-state-metrics:v2.8.2

Hi All, Find below the 4 high and 1 critical vulnerability found in kube-state-metrics:v2.8.2 image.

May 17

Vellore Rajakumar, Sri Saran Balaji

Apr 12

[Security Advisory] CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password

Hello Kubernetes Community, We have released minikube v1.30.0 to address two security issues in

unread,

[Security Advisory] CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password

Hello Kubernetes Community, We have released minikube v1.30.0 to address two security issues in

Apr 12

Feb 5

FW: [EXTN] Re: node-problem-detector image Vulnerabilities

Hi All, We are scanning image node-problem-detector:v0.8.12 and found that this image have many

unread,

FW: [EXTN] Re: node-problem-detector image Vulnerabilities

Hi All, We are scanning image node-problem-detector:v0.8.12 and found that this image have many

Feb 5

Jan 31

[Kubernetes Java Client] Kubernetes Java client impacted by CVE-2022-1471

Issue Details A security issue was discovered in the Kubernetes Java client library where loading

unread,

[Kubernetes Java Client] Kubernetes Java client impacted by CVE-2022-1471

Issue Details A security issue was discovered in the Kubernetes Java client library where loading

Jan 31

Satish Suradkar, Justin Santa Barbara2

Jan 31

Fwd: EOL in sigs.k8s.io/yaml

I wasn't able to find any documentation that this library is actually EOL - do you have a source

unread,

Fwd: EOL in sigs.k8s.io/yaml

I wasn't able to find any documentation that this library is actually EOL - do you have a source

Jan 31

Jan 17

AWS Cloud Lead Developer

AWS Cloud Lead Developer needed in Plano, TX, Columbus, OH, Wilmington, DE, or NY. Onsite position

unread,

AWS Cloud Lead Developer

AWS Cloud Lead Developer needed in Plano, TX, Columbus, OH, Wilmington, DE, or NY. Onsite position

Jan 17

Jan 17

OpenShift Devops Position - Remote

Hello, Aarya here from Blink Technology Partners! At the moment, I am fulfilling the requirements of

unread,

OpenShift Devops Position - Remote

Hello, Aarya here from Blink Technology Partners! At the moment, I am fulfilling the requirements of

Jan 17

11/10/22

[Security Advisory] CVE-2022-3294: Node address isn't always verified when proxying

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may have access

unread,

[Security Advisory] CVE-2022-3294: Node address isn't always verified when proxying

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may have access

11/10/22

11/10/22

[Security Advisory] CVE-2022-3162: Unauthorized read of Custom Resources

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users authorized to

unread,

[Security Advisory] CVE-2022-3162: Unauthorized read of Custom Resources

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users authorized to

11/10/22

Monis Khan, Michał Sochoń2

9/16/22

[Security Advisory] CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

my eyes On Fri, 16 Sept 2022 at 21:38, Monis Khan <i...@monis.app> wrote: > > Hello

unread,

[Security Advisory] CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

my eyes On Fri, 16 Sept 2022 at 21:38, Monis Khan <i...@monis.app> wrote: > > Hello

9/16/22

Pushkar Joglekar

9/15/22

[Security Advisory] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers

Hello Kubernetes Community, A security issue was discovered in Kubernetes that could allow Windows

unread,

[Security Advisory] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers

Hello Kubernetes Community, A security issue was discovered in Kubernetes that could allow Windows

9/15/22

Priyanka Makhija

8/5/22

Report OS Vulnerability with external-dns image

Hi Team, I am trying to use external-dns in my organisation. It is a compliance mandate to scan the

unread,

Report OS Vulnerability with external-dns image

Hi Team, I am trying to use external-dns in my organisation. It is a compliance mandate to scan the

8/5/22

Jesire Belleza, Luke Hinds2

8/3/22

external-dns vulnerability

Hi Jesire I already replied to this in a different thread, pasting my reply here; Thanks for letting

unread,

external-dns vulnerability

Hi Jesire I already replied to this in a different thread, pasting my reply here; Thanks for letting

8/3/22

Jesire Belleza, Luke Hinds2

8/1/22

external-dns vulnerability finding

Hi Jesire, Thanks for letting us know. As this is an indirect dependency (you don't use jwt

unread,

external-dns vulnerability finding

Hi Jesire, Thanks for letting us know. As this is an indirect dependency (you don't use jwt

8/1/22

7/11/22

[Security Advisory] CVE-2022-2385: AccessKeyID validation bypass

Hello Kubernetes Community, A security issue was discovered in aws-iam-authenticator where an allow-

unread,

[Security Advisory] CVE-2022-2385: AccessKeyID validation bypass

Hello Kubernetes Community, A security issue was discovered in aws-iam-authenticator where an allow-

7/11/22

CJ Cullen, Red Hat Product Security2

6/15/22

[Security Advisory] CVE-2021-25748: Ingress-nginx `path` sanitization can be bypassed with newline character

Hello! INC2245575 ([Security Advisory] CVE-2021-25748: Ingress-nginx `path` sanitization can be

unread,

[Security Advisory] CVE-2021-25748: Ingress-nginx `path` sanitization can be bypassed with newline character

Hello! INC2245575 ([Security Advisory] CVE-2021-25748: Ingress-nginx `path` sanitization can be

6/15/22

Jonathan Bonami-McRae

5/16/22

ingress-nginx-v1.2.0 potential vulnerability

Hello, We're running ingress-nginx v1.2.0 and are showing the following vulnerabilities when

unread,

ingress-nginx-v1.2.0 potential vulnerability

Hello, We're running ingress-nginx v1.2.0 and are showing the following vulnerabilities when

5/16/22

4/22/22

[Security Advisory] CVE-2021-25746: Ingress-nginx directive injection via annotations

Issue Details A security issue was discovered in ingress-nginx where a user that can create or update

unread,

[Security Advisory] CVE-2021-25746: Ingress-nginx directive injection via annotations

Issue Details A security issue was discovered in ingress-nginx where a user that can create or update

4/22/22

4/22/22

[Security Advisory] CVE-2021-25745: Ingress-nginx `path` can be pointed to service account token file

Issue Details A security issue was discovered in ingress-nginx where a user that can create or update

unread,

[Security Advisory] CVE-2021-25745: Ingress-nginx `path` can be pointed to service account token file

Issue Details A security issue was discovered in ingress-nginx where a user that can create or update

4/22/22

王韵, 樊尚享4

3/14/22

How to fix IP Forwarding issue in K8s env

Hi , For security guideline of Kubernetes cluster, please refer to CIS Kubernetes Benchmarks (

unread,

How to fix IP Forwarding issue in K8s env

Hi , For security guideline of Kubernetes cluster, please refer to CIS Kubernetes Benchmarks (

3/14/22

Search

Clear search

Close search

Google apps

Main menu