kubernetes-security-discuss
1–30 of 142
Public discussion forum for the Kubernetes Release Process. Do NOT post security issues here. Follow the Kubernetes Security Disclosure process.
Tabitha Sable
Feb 2
[Security Advisory] Multiple issues in ingress-nginx
Hello Kubernetes Community, Multiple issues are disclosed today in ingress-nginx, and assigned the
Craig Ingram
12/17/25
[Security Advisory] CVE-2025-14269: Credential caching in Headlamp with Helm enabled
Hello Kubernetes Community, A security issue was discovered in the in-cluster version of Headlamp
Nathan Herz
12/1/25
[Security Advisory] CVE-2025-13281: Portworx Half-Blind SSRF in kube-controller-manager
Hello Kubernetes Community, A half-blind Server Side Request Forgery (SSRF) vulnerability exists in
Rita Zhang
9/16/25
[Security Advisory] CVE-2025-9708: Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks
Hello Kubernetes Community, A vulnerability exists in the Kubernetes C# client where the certificate
Monis Khan
9/4/25
[Security Advisory] CVE-2025-7445: secrets-store-sync-controller discloses service account tokens in logs
Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an
Nathan Herz
8/13/25
[Security Advisory] CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference
Hello Kubernetes Community, A vulnerability exists in the NodeRestriction admission controller where
Md Niaz Morshed
8/11/25
Request to participate and Share the Survey with your Software Developers and Code Reviewers
Dear Sir, I hope this message finds you well. My name is Md Niaz Morshed, and I am leading a team
Rita Zhang
7/21/25
[Security Advisory] CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override
Hello Kubernetes Community, A security issue was discovered in Kubernetes where an unauthorized user
Workifi
6/28/25
Responsible Disclosure
Dear Kubernetes Security Team, I hope this message finds you well. During a routine security review
Rita Zhang, Red Hat Product Security (5 messages)
6/20/25
[Security Advisory] CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks
Hello! INC3695208 ([Security Advisory] CVE-2025-4563: Nodes can bypass dynamic resource allocation
Red Hat Request Management
6/20/25
INC3693719 is Resolved: [Security Advisory] Race Condition in Go allows Volume Deletion in older Kubernetes versions
Hello! [Security Advisory] Race Condition in Go allows Volume Deletion in older Kubernetes versions
Craig Ingram
6/17/25
[Security Advisory] Race Condition in Go allows Volume Deletion in older Kubernetes versions
Hello Kubernetes Community, The Go team has released a fix in Go versions 1.21.11 and 1.22.4
Tabitha Sable
3/24/25
[Security Advisory] Multiple vulnerabilities in ingress-nginx
Hello Kubernetes Community, Multiple issues have been discovered in ingress-nginx that can result in
Craig Ingram
3/20/25
[Security Advisory] CVE-2024-7598: Network restriction bypass via race condition during namespace termination
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a malicious or
Vellore Rajakumar, Sri Saran Balaji, Red Hat Product Security (2 messages)
3/17/25
CVE-2025-1767 GitRepo Volume Inadvertent Local Repository Access
Hello! INC3559449 (CVE-2025-1767 GitRepo Volume Inadvertent Local Repository Access) has been
Yogesh Mittal
3/5/25
Invitation to join OSS CNA Working group [Kubernetes]
## This email is intended for individuals who are points of contact for CNA coordination for your OSS
Craig Ingram
2/13/25
[Security Advisory] CVE-2025-0426: Node Denial of Service via kubelet Checkpoint API
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a large number of
Vellore Rajakumar, Sri Saran Balaji, Red Hat Product Security (2 messages)
1/16/25
[Security Advisory] CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API
Hello! INC3346000 ([Security Advisory] CVE-2024-9042: Command Injection affecting Windows nodes via
Craig Ingram, Red Hat Product Security (2 messages)
11/21/24
[Security Advisory] CVE-2024-10220: Arbitrary command execution through gitRepo volume
Hello! INC3249969 ([Security Advisory] CVE-2024-10220: Arbitrary command execution through gitRepo
Joel Smith
10/14/24
[Security Advisory] CVE-2024-9486 and CVE-2024-9594: VM images built with Kubernetes Image Builder use default credentials
Hello Kubernetes Community, A security issue was discovered in Kubernetes where an unauthorized user
Craig Ingram, Red Hat Product Security (2 messages)
8/19/24
[Ingress-nginx Security Advisory] CVE-2024-7646: Ingress-nginx Annotation Validation Bypass
Hello! INC3040138 ([Ingress-nginx Security Advisory] CVE-2024-7646: Ingress-nginx Annotation
Craig Ingram
7/17/24
[Security Advisory] CVE-2024-5321: Incorrect permissions on Windows containers logs
Hello Kubernetes Community, A security issue was discovered in Kubernetes clusters with Windows nodes
Rita Zhang, Yuan Yan (3 messages)
5/14/24
[Security Advisory] CVE-2024-3744: azure-file-csi-driver discloses service account tokens in logs
See the GitHub issue for more details: https://github.com/kubernetes/kubernetes/issues/124759 On Wed,
Rita Zhang
4/16/24
[Security Advisory] CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to
kan yashuda
1/28/24
Chris Doble
12/1/23
Kubernetes Metric-Server CVEs
Hi, I hope this is the right forum to address this to, if not could you point me in the right
Craig Ingram, Darshil Desai (2 messages)
11/14/23
[Security Advisory] CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
This is a no-op. Details here: https://jira.sc-corp.net/browse/VULN-17919 On Tue, Nov 14, 2023 at 9:
CJ Cullen, Darshil Desai (2 messages)
10/25/23
[Ingress-nginx Security Advisory] CVE-2022-4886: Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-
CJ Cullen, Darshil Desai (2 messages)
10/25/23
[Ingress-nginx Security Advisory] CVE-2023-5043: Ingress nginx annotation injection causes arbitrary command execution
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-
CJ Cullen, Darshil Desai (2 messages)
10/25/23
[Ingress-nginx Security Advisory] CVE-2023-5044: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-