kubernetes-security-discuss

1–30 of 79

Public discussion forum for the Kubernetes Release Process.

Do NOT post security issues here. Follow the Kubernetes Security Disclosure process.

0 selected

Jan 6

[Security Advisory] vSphere storage e2e test suite logging credentials

Hello Kubernetes Community, We have become aware that the default configuration for vSphere storage

unread,

[Security Advisory] vSphere storage e2e test suite logging credentials

Hello Kubernetes Community, We have become aware that the default configuration for vSphere storage

Jan 6

12/24/21

[Security Advisory] fluentd-elasticsearch addon updates for log4j vulnerabilities

Hello Kubernetes Community, Elastic has released updated images for Elasticsearch containing fixes to

unread,

[Security Advisory] fluentd-elasticsearch addon updates for log4j vulnerabilities

Hello Kubernetes Community, Elastic has released updated images for Elasticsearch containing fixes to

12/24/21

Red Hat Product Security, … Lisa Olson3

12/6/21

Re: [Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

Hi Max, Sorry, I was out last week. I understand that you are including an update Open Source library

unread,

Re: [Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

Hi Max, Sorry, I was out last week. I understand that you are including an update Open Source library

12/6/21

Red Hat Product Security

11/30/21

Re: [Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Hello! INC1912627 ([Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver) has been

unread,

Re: [Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Hello! INC1912627 ([Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver) has been

11/30/21

10/21/21

[Security Advisory] CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

Hello Kubernetes Community, A security issue was discovered in ingress-nginx where a user that can

unread,

[Security Advisory] CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

Hello Kubernetes Community, A security issue was discovered in ingress-nginx where a user that can

10/21/21

prov...@babiel.com, Stephen Augustus2

9/15/21

PROVIDSD-8966 [kubernetes-announce] [Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Please do not configure automated responses to this list. You're sending them to everyone. --

unread,

PROVIDSD-8966 [kubernetes-announce] [Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Please do not configure automated responses to this list. You're sending them to everyone. --

9/15/21

prov...@babiel.com

9/15/21

PROVIDSD-8965 [kubernetes-announce] [Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

—-—-—-— Bitte antworten Sie oberhalb dieser Linie. Guten Tag kubernetes-security-discuss@googlegroups

unread,

PROVIDSD-8965 [kubernetes-announce] [Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

—-—-—-— Bitte antworten Sie oberhalb dieser Linie. Guten Tag kubernetes-security-discuss@googlegroups

9/15/21

9/15/21

[Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Hello Kubernetes Community, A security issue was discovered in Kubernetes where actors that control

unread,

[Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver

Hello Kubernetes Community, A security issue was discovered in Kubernetes where actors that control

9/15/21

9/15/21

[Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user may be able to

unread,

[Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user may be able to

9/15/21

7/14/21

[Security Advisory] CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding

Hello Kubernetes Community, A security issue was discovered with Kubernetes that could enable users

unread,

[Security Advisory] CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding

Hello Kubernetes Community, A security issue was discovered with Kubernetes that could enable users

7/14/21

5/18/21

[Security Advisory] CVE-2021-25737: Holes in EndpointSlice Validation Enable Host Network Hijack

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to

unread,

[Security Advisory] CVE-2021-25737: Holes in EndpointSlice Validation Enable Host Network Hijack

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to

5/18/21

Tim Allclair, Brendan Burns3

5/17/21

[Kubernetes Java Client] CVE-2021-25738: Code exec via yaml parsing

(oops, I also incremented the version numbers sigh) The correct unaffected versions are: > 12.0.0

unread,

[Kubernetes Java Client] CVE-2021-25738: Code exec via yaml parsing

(oops, I also incremented the version numbers sigh) The correct unaffected versions are: > 12.0.0

5/17/21

Swamy Shivaganga Nagaraju

5/10/21

[Security Advisory] CVE-2021-25736: Windows kube-proxy LoadBalancer contention

Hello Kubernetes Community, A security issue was discovered in the Windows version of kube-proxy

unread,

[Security Advisory] CVE-2021-25736: Windows kube-proxy LoadBalancer contention

Hello Kubernetes Community, A security issue was discovered in the Windows version of kube-proxy

5/10/21

5/4/21

[Security Advisory] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU

Hello Kubernetes Community, A security issue was discovered in Kubernetes where an authorized user

unread,

[Security Advisory] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU

Hello Kubernetes Community, A security issue was discovered in Kubernetes where an authorized user

5/4/21

Thormaehlen, Frederik

4/19/21

Broken links in Kubernetes CII Badge

Hello Kubernetes Product Security Committee, please check the links in your Kubernetes CII Badge

unread,

Broken links in Kubernetes CII Badge

Hello Kubernetes Product Security Committee, please check the links in your Kubernetes CII Badge

4/19/21

4/14/21

CVE-2021-25735: Validating Admission Webhook does not observe some previous fields

A security issue was discovered in kube-apiserver that could allow node updates to bypass a

unread,

CVE-2021-25735: Validating Admission Webhook does not observe some previous fields

A security issue was discovered in kube-apiserver that could allow node updates to bypass a

4/14/21

1/29/21

I hope I'm at the right place.

unread,

I hope I'm at the right place.

1/29/21

1/11/21

[Security Advisory] CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client

Hello Kubernetes Community, A security issue was discovered in Kubernetes Java Client that could

unread,

[Security Advisory] CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client

Hello Kubernetes Community, A security issue was discovered in Kubernetes Java Client that could

1/11/21

prov...@babiel.com

12/15/20

PROVIDSD-3094 [kubernetes-announce] Re: [Security Advisory] [CSI snapshot-controller] CVE-2020-8569: snapshot-controller DoS

—-—-—-— Bitte antworten Sie oberhalb dieser Linie. Guten Tag kubernetes-security-discuss@googlegroups

unread,

PROVIDSD-3094 [kubernetes-announce] Re: [Security Advisory] [CSI snapshot-controller] CVE-2020-8569: snapshot-controller DoS

—-—-—-— Bitte antworten Sie oberhalb dieser Linie. Guten Tag kubernetes-security-discuss@googlegroups

12/15/20

12/15/20

[Security Advisory] [CSI snapshot-controller] CVE-2020-8569: snapshot-controller DoS

Correction: Affected versions include v2.1.0 - v2.1.2. A new version, v2.1.3 has been released with

unread,

[Security Advisory] [CSI snapshot-controller] CVE-2020-8569: snapshot-controller DoS

Correction: Affected versions include v2.1.0 - v2.1.2. A new version, v2.1.3 has been released with

12/15/20

Tim Allclair, Kalaivanan Lakshmanan2

12/7/20

[Security Advisory] CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs

+Brad Klein On Mon, Dec 7, 2020 at 10:40 PM Tim Allclair <timallclair@gmail.com> wrote: Hello

unread,

[Security Advisory] CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs

+Brad Klein On Mon, Dec 7, 2020 at 10:40 PM Tim Allclair <timallclair@gmail.com> wrote: Hello

12/7/20

prov...@babiel.com

12/7/20

PROVIDSD-2810 [kubernetes-announce] [Security Advisory] CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs

—-—-—-— Bitte antworten Sie oberhalb dieser Linie. Guten Tag kubernetes-security-discuss@googlegroups

unread,

PROVIDSD-2810 [kubernetes-announce] [Security Advisory] CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs

—-—-—-— Bitte antworten Sie oberhalb dieser Linie. Guten Tag kubernetes-security-discuss@googlegroups

12/7/20

Stephen Augustus

12/3/20

Re: [k8s-sig-security] Linux Foundation security scanning results for K8s

+security-discuss On Thu, Dec 3, 2020, 11:38 Lubomir I. Ivanov <neolit123@gmail.com> wrote:

unread,

Re: [k8s-sig-security] Linux Foundation security scanning results for K8s

+security-discuss On Thu, Dec 3, 2020, 11:38 Lubomir I. Ivanov <neolit123@gmail.com> wrote:

12/3/20

10/15/20

[Security Advisory] Multiple secret leaks when verbose logging is enabled

Hello Kubernetes Community, Multiple security issues have been discovered in Kubernetes that allow

unread,

[Security Advisory] Multiple secret leaks when verbose logging is enabled

Hello Kubernetes Community, Multiple security issues have been discovered in Kubernetes that allow

10/15/20

Jordan Liggitt, … Sam Fowler7

9/4/20

Re: SECURITY_CONTACTS files

Yep, this effort overlaps a lot with the below issue, which I had planned on working on as part of my

unread,

Re: SECURITY_CONTACTS files

Yep, this effort overlaps a lot with the below issue, which I had planned on working on as part of my

9/4/20

8/2/20

Feedback (Suggestions for improvement): Zero knowledge proof/Fiat Shamir protocol/Schnorr identification/SecureCore function (security kernel)/Web cleaner function (system cleanup)/Gutmann method (complete data deletion)/Device backup function/etc.

English version: look pdf. file Please forward the suggestions to the responsible departments (

unread,

Feedback (Suggestions for improvement): Zero knowledge proof/Fiat Shamir protocol/Schnorr identification/SecureCore function (security kernel)/Web cleaner function (system cleanup)/Gutmann method (complete data deletion)/Device backup function/etc.

English version: look pdf. file Please forward the suggestions to the responsible departments (

8/2/20

7/15/20

[Security Advisory] CVE-2020-8559: Privilege escalation from compromised node to cluster

Hello Kubernetes Community, A security issue was discovered in the kube-apiserver that could enable a

unread,

[Security Advisory] CVE-2020-8559: Privilege escalation from compromised node to cluster

Hello Kubernetes Community, A security issue was discovered in the kube-apiserver that could enable a

7/15/20

7/15/20

[Security Advisory] CVE-2020-8557: Node disk DOS by writing to container /etc/hosts

Hello Kubernetes Community, A security issue was discovered in kubelet that could result in the

unread,

[Security Advisory] CVE-2020-8557: Node disk DOS by writing to container /etc/hosts

Hello Kubernetes Community, A security issue was discovered in kubelet that could result in the

7/15/20

7/8/20

[Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary

Apologies for the extra email, but an error was discovered in the original announcement from earlier

unread,

[Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary

Apologies for the extra email, but an error was discovered in the original announcement from earlier

7/8/20

Angus Lees, Tim Allclair2

6/10/20

Bug bounty reward vs release cycle

Thanks for raising this discussion. This came up on slack recently, and to copy my comment from there

unread,

Bug bounty reward vs release cycle

Thanks for raising this discussion. This came up on slack recently, and to copy my comment from there

6/10/20

Search

Clear search

Close search

Google apps

Main menu