kubernetes-security-discuss
Showing conversations 1–30 of 125.

Public discussion forum for the Kubernetes Release Process. Do NOT post security issues here. Follow the Kubernetes Security Disclosure process.

Vellore Rajakumar, Sri Saran Balaji and Red Hat Product Security (2 messages), Jan 16
[Security Advisory] CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API
Hello! INC3346000 ([Security Advisory] CVE-2024-9042: Command Injection affecting Windows nodes via

Craig Ingram and Red Hat Product Security (2 messages), 11/21/24
[Security Advisory] CVE-2024-10220: Arbitrary command execution through gitRepo volume
Hello! INC3249969 ([Security Advisory] CVE-2024-10220: Arbitrary command execution through gitRepo

Joel Smith, 10/14/24
[Security Advisory] CVE-2024-9486 and CVE-2024-9594: VM images built with Kubernetes Image Builder use default credentials
Hello Kubernetes Community, A security issue was discovered in Kubernetes where an unauthorized user

Craig Ingram and Red Hat Product Security (2 messages), 8/19/24
[Ingress-nginx Security Advisory] CVE-2024-7646: Ingress-nginx Annotation Validation Bypass
Hello! INC3040138 ([Ingress-nginx Security Advisory] CVE-2024-7646: Ingress-nginx Annotation

Craig Ingram, 7/17/24
[Security Advisory] CVE-2024-5321: Incorrect permissions on Windows containers logs
Hello Kubernetes Community, A security issue was discovered in Kubernetes clusters with Windows nodes

Rita Zhang and Yuan Yan (3 messages), 5/14/24
[Security Advisory] CVE-2024-3744: azure-file-csi-driver discloses service account tokens in logs
See the GitHub issue for more details: https://github.com/kubernetes/kubernetes/issues/124759 On Wed,

Rita Zhang, 4/16/24
[Security Advisory] CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to

kan yashuda, 1/28/24

Chris Doble, 12/1/23
Kubernetes Metric-Server CVEs
Hi, I hope this is the right forum to address this to, if not could you point me in the right

Craig Ingram and Darshil Desai (2 messages), 11/14/23
[Security Advisory] CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
This is a no-op. Details here: https://jira.sc-corp.net/browse/VULN-17919 On Tue, Nov 14, 2023 at 9:

CJ Cullen and Darshil Desai (2 messages), 10/25/23
[Ingress-nginx Security Advisory] CVE-2022-4886: Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

CJ Cullen and Darshil Desai (2 messages), 10/25/23
[Ingress-nginx Security Advisory] CVE-2023-5043: Ingress nginx annotation injection causes arbitrary command execution
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

CJ Cullen and Darshil Desai (2 messages), 10/25/23
[Ingress-nginx Security Advisory] CVE-2023-5044: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

Mehrad Mordi, 10/14/23

Nikhita Raghunath and Craig Ingram (2 messages), 10/10/23
SECURITY_CONTACTS in k/k out of date
Hi Nikhita, Thanks for sharing, that's a great catch. I created a PR (https://github.com/

Rita Zhang, 8/23/23
[Security Advisory] CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

Rita Zhang, 8/23/23
[Security Advisory] CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

Rita Zhang, 8/23/23
[Security Advisory] CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

Yogesh Mittal, 8/10/23
Re: How can we serve Open Source CNAs better?
Hello there I just thought to reach out and share that we are excited and looking forward to your

CJ Cullen, 6/21/23
[kOps Security Advisory] CVE-2023-1943: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode
Issue Details A security issue was reported in kOps with the GCP Provider running in Gossip Mode,

Vellore Rajakumar, Sri Saran Balaji, …, Vellore Rajakumar, Sri Saran Balaji (3 messages), 6/15/23
[Security Advisory] CVE-2023-2431: Bypass of seccomp profile enforcement
Thank you Sean for reporting this. CVE details are not yet published to CVE service, should be

Rita Zhang and Red Hat Product Security (2 messages), 6/15/23
[Security Advisory] CVE-2023-2727: Bypassing policies imposed by the ImagePolicyWebhook admission plugin
Hello! INC2647624 ([Security Advisory] CVE-2023-2727: Bypassing policies imposed by the

Rita Zhang, 6/15/23
[Security Advisory] CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to

fripSide, 6/5/23
[Security Issue] Warning the insecure usages of eBPF
Hello, I'm writing this thread to uncover the hazards of eBPF misuse to the Docker and Kubernetes

Monis Khan, 5/25/23
[Security Advisory] CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs
Hello Kubernetes Community, A security issue was discovered in secrets-store-csi-driver where an

Abdullah, Mohammad, 5/17/23
Found 1 critical and 4 high vulnerabilities in kube-state-metrics:v2.8.2
Hi All, Find below the 4 high and 1 critical vulnerability found in kube-state-metrics:v2.8.2 image.

Vellore Rajakumar, Sri Saran Balaji, 4/12/23
[Security Advisory] CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password
Hello Kubernetes Community, We have released minikube v1.30.0 to address two security issues in

Man, Eric W L, 2/5/23
FW: [EXTN] Re: node-problem-detector image Vulnerabilities
Hi All, We are scanning image node-problem-detector:v0.8.12 and found that this image has many

CJ Cullen, 1/31/23
[Kubernetes Java Client] Kubernetes Java client impacted by CVE-2022-1471
Issue Details A security issue was discovered in the Kubernetes Java client library where loading

Satish Suradkar and Justin Santa Barbara (2 messages), 1/31/23
Fwd: EOL in sigs.k8s.io/yaml
I wasn't able to find any documentation that this library is actually EOL - do you have a source