kubernetes-security-discuss

1–30 of 93

Public discussion forum for the Kubernetes Release Process.

Do NOT post security issues here. Follow the Kubernetes Security Disclosure process.

0 selected

Nov 10

[Security Advisory] CVE-2022-3294: Node address isn't always verified when proxying

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may have access

unread,

[Security Advisory] CVE-2022-3294: Node address isn't always verified when proxying

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may have access

Nov 10

Nov 10

[Security Advisory] CVE-2022-3162: Unauthorized read of Custom Resources

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users authorized to

unread,

[Security Advisory] CVE-2022-3162: Unauthorized read of Custom Resources

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users authorized to

Nov 10

Monis Khan, Michał Sochoń2

Sep 16

[Security Advisory] CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

my eyes On Fri, 16 Sept 2022 at 21:38, Monis Khan <i...@monis.app> wrote: > > Hello

unread,

[Security Advisory] CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

my eyes On Fri, 16 Sept 2022 at 21:38, Monis Khan <i...@monis.app> wrote: > > Hello

Sep 16

Pushkar Joglekar

Sep 15

[Security Advisory] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers

Hello Kubernetes Community, A security issue was discovered in Kubernetes that could allow Windows

unread,

[Security Advisory] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers

Hello Kubernetes Community, A security issue was discovered in Kubernetes that could allow Windows

Sep 15

Priyanka Makhija

Aug 5

Report OS Vulnerability with external-dns image

Hi Team, I am trying to use external-dns in my organisation. It is a compliance mandate to scan the

unread,

Report OS Vulnerability with external-dns image

Hi Team, I am trying to use external-dns in my organisation. It is a compliance mandate to scan the

Aug 5

Jesire Belleza, Luke Hinds2

Aug 3

external-dns vulnerability

Hi Jesire I already replied to this in a different thread, pasting my reply here; Thanks for letting

unread,

external-dns vulnerability

Hi Jesire I already replied to this in a different thread, pasting my reply here; Thanks for letting

Aug 3

Jesire Belleza, Luke Hinds2

Aug 1

external-dns vulnerability finding

Hi Jesire, Thanks for letting us know. As this is an indirect dependency (you don't use jwt

unread,

external-dns vulnerability finding

Hi Jesire, Thanks for letting us know. As this is an indirect dependency (you don't use jwt

Aug 1

Jul 11

[Security Advisory] CVE-2022-2385: AccessKeyID validation bypass

Hello Kubernetes Community, A security issue was discovered in aws-iam-authenticator where an allow-

unread,

[Security Advisory] CVE-2022-2385: AccessKeyID validation bypass

Hello Kubernetes Community, A security issue was discovered in aws-iam-authenticator where an allow-

Jul 11

CJ Cullen, Red Hat Product Security2

Jun 15

[Security Advisory] CVE-2021-25748: Ingress-nginx `path` sanitization can be bypassed with newline character

Hello! INC2245575 ([Security Advisory] CVE-2021-25748: Ingress-nginx `path` sanitization can be

unread,

[Security Advisory] CVE-2021-25748: Ingress-nginx `path` sanitization can be bypassed with newline character

Hello! INC2245575 ([Security Advisory] CVE-2021-25748: Ingress-nginx `path` sanitization can be

Jun 15

Jonathan Bonami-McRae

May 16

ingress-nginx-v1.2.0 potential vulnerability

Hello, We're running ingress-nginx v1.2.0 and are showing the following vulnerabilities when

unread,

ingress-nginx-v1.2.0 potential vulnerability

Hello, We're running ingress-nginx v1.2.0 and are showing the following vulnerabilities when

May 16

Apr 22

[Security Advisory] CVE-2021-25746: Ingress-nginx directive injection via annotations

Issue Details A security issue was discovered in ingress-nginx where a user that can create or update

unread,

[Security Advisory] CVE-2021-25746: Ingress-nginx directive injection via annotations

Issue Details A security issue was discovered in ingress-nginx where a user that can create or update

Apr 22

Apr 22

[Security Advisory] CVE-2021-25745: Ingress-nginx `path` can be pointed to service account token file

Issue Details A security issue was discovered in ingress-nginx where a user that can create or update

unread,

[Security Advisory] CVE-2021-25745: Ingress-nginx `path` can be pointed to service account token file

Issue Details A security issue was discovered in ingress-nginx where a user that can create or update

Apr 22

王韵, 樊尚享4

Mar 14

How to fix IP Forwarding issue in K8s env

Hi , For security guideline of Kubernetes cluster, please refer to CIS Kubernetes Benchmarks (

unread,

How to fix IP Forwarding issue in K8s env

Hi , For security guideline of Kubernetes cluster, please refer to CIS Kubernetes Benchmarks (

Mar 14

Feb 10

Proposal for vulnerability pre-announcements

The Security Response Committee is discussing a proposal to pre-announce vulnerabilities prior to the

unread,

Proposal for vulnerability pre-announcements

The Security Response Committee is discussing a proposal to pre-announce vulnerabilities prior to the

Feb 10

Jan 6

[Security Advisory] vSphere storage e2e test suite logging credentials

Hello Kubernetes Community, We have become aware that the default configuration for vSphere storage

unread,

[Security Advisory] vSphere storage e2e test suite logging credentials

Hello Kubernetes Community, We have become aware that the default configuration for vSphere storage

Jan 6

12/24/21

[Security Advisory] fluentd-elasticsearch addon updates for log4j vulnerabilities

Hello Kubernetes Community, Elastic has released updated images for Elasticsearch containing fixes to

unread,

[Security Advisory] fluentd-elasticsearch addon updates for log4j vulnerabilities

Hello Kubernetes Community, Elastic has released updated images for Elasticsearch containing fixes to

12/24/21

Red Hat Product Security, … Lisa Olson3

12/6/21

Re: [Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

Hi Max, Sorry, I was out last week. I understand that you are including an update Open Source library

unread,

Re: [Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

Hi Max, Sorry, I was out last week. I understand that you are including an update Open Source library

12/6/21

Red Hat Product Security

11/30/21

Re: [Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Hello! INC1912627 ([Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver) has been

unread,

Re: [Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Hello! INC1912627 ([Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver) has been

11/30/21

10/21/21

[Security Advisory] CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

Hello Kubernetes Community, A security issue was discovered in ingress-nginx where a user that can

unread,

[Security Advisory] CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

Hello Kubernetes Community, A security issue was discovered in ingress-nginx where a user that can

10/21/21

prov...@babiel.com, Stephen Augustus2

9/15/21

PROVIDSD-8966 [kubernetes-announce] [Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Please do not configure automated responses to this list. You're sending them to everyone. --

unread,

PROVIDSD-8966 [kubernetes-announce] [Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Please do not configure automated responses to this list. You're sending them to everyone. --

9/15/21

prov...@babiel.com

9/15/21

PROVIDSD-8965 [kubernetes-announce] [Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

—-—-—-— Bitte antworten Sie oberhalb dieser Linie. Guten Tag kubernetes-security-discuss@googlegroups

unread,

PROVIDSD-8965 [kubernetes-announce] [Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

—-—-—-— Bitte antworten Sie oberhalb dieser Linie. Guten Tag kubernetes-security-discuss@googlegroups

9/15/21

9/15/21

[Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Hello Kubernetes Community, A security issue was discovered in Kubernetes where actors that control

unread,

[Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Hello Kubernetes Community, A security issue was discovered in Kubernetes where actors that control

9/15/21

9/15/21

[Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user may be able to

unread,

[Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user may be able to

9/15/21

7/14/21

[Security Advisory] CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding

Hello Kubernetes Community, A security issue was discovered with Kubernetes that could enable users

unread,

[Security Advisory] CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding

Hello Kubernetes Community, A security issue was discovered with Kubernetes that could enable users

7/14/21

5/18/21

[Security Advisory] CVE-2021-25737: Holes in EndpointSlice Validation Enable Host Network Hijack

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to

unread,

[Security Advisory] CVE-2021-25737: Holes in EndpointSlice Validation Enable Host Network Hijack

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to

5/18/21

Tim Allclair, Brendan Burns3

5/17/21

[Kubernetes Java Client] CVE-2021-25738: Code exec via yaml parsing

(oops, I also incremented the version numbers sigh) The correct unaffected versions are: > 12.0.0

unread,

[Kubernetes Java Client] CVE-2021-25738: Code exec via yaml parsing

(oops, I also incremented the version numbers sigh) The correct unaffected versions are: > 12.0.0

5/17/21

Swamy Shivaganga Nagaraju

5/10/21

[Security Advisory] CVE-2021-25736: Windows kube-proxy LoadBalancer contention

Hello Kubernetes Community, A security issue was discovered in the Windows version of kube-proxy

unread,

[Security Advisory] CVE-2021-25736: Windows kube-proxy LoadBalancer contention

Hello Kubernetes Community, A security issue was discovered in the Windows version of kube-proxy

5/10/21

5/4/21

[Security Advisory] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU

Hello Kubernetes Community, A security issue was discovered in Kubernetes where an authorized user

unread,

[Security Advisory] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU

Hello Kubernetes Community, A security issue was discovered in Kubernetes where an authorized user

5/4/21

Thormaehlen, Frederik

4/19/21

Broken links in Kubernetes CII Badge

Hello Kubernetes Product Security Committee, please check the links in your Kubernetes CII Badge

unread,

Broken links in Kubernetes CII Badge

Hello Kubernetes Product Security Committee, please check the links in your Kubernetes CII Badge

4/19/21

4/14/21

CVE-2021-25735: Validating Admission Webhook does not observe some previous fields

A security issue was discovered in kube-apiserver that could allow node updates to bypass a

unread,

CVE-2021-25735: Validating Admission Webhook does not observe some previous fields

A security issue was discovered in kube-apiserver that could allow node updates to bypass a

4/14/21

Search

Clear search

Close search

Google apps

Main menu