kubernetes-security-discuss
1–30 of 89
Public discussion forum for the Kubernetes Release Process.
Do NOT post security issues here. Follow the Kubernetes Security Disclosure process.
Priyanka Makhija
Aug 5
Report OS Vulnerability with external-dns image
Hi Team, I am trying to use external-dns in my organisation. It is a compliance mandate to scan the
Jesire Belleza, Luke Hinds
2
Aug 3
external-dns vulnerability
Hi Jesire I already replied to this in a different thread, pasting my reply here; Thanks for letting
Jesire Belleza, Luke Hinds
2
Aug 1
external-dns vulnerability finding
Hi Jesire, Thanks for letting us know. As this is an indirect dependency (you don't use jwt
Hausler, Micah
Jul 11
[Security Advisory] CVE-2022-2385: AccessKeyID validation bypass
Hello Kubernetes Community, A security issue was discovered in aws-iam-authenticator where an allow-
CJ Cullen, Red Hat Product Security
2
Jun 15
[Security Advisory] CVE-2021-25748: Ingress-nginx `path` sanitization can be bypassed with newline character
Hello! INC2245575 ([Security Advisory] CVE-2021-25748: Ingress-nginx `path` sanitization can be
Jonathan Bonami-McRae
May 16
ingress-nginx-v1.2.0 potential vulnerability
Hello, We're running ingress-nginx v1.2.0 and are showing the following vulnerabilities when
CJ Cullen
Apr 22
[Security Advisory] CVE-2021-25746: Ingress-nginx directive injection via annotations
Issue Details A security issue was discovered in ingress-nginx where a user that can create or update
CJ Cullen
Apr 22
[Security Advisory] CVE-2021-25745: Ingress-nginx `path` can be pointed to service account token file
Issue Details A security issue was discovered in ingress-nginx where a user that can create or update
王韵, 樊尚享
4
Mar 14
How to fix IP Forwarding issue in K8s env
Hi, For security guideline of Kubernetes cluster, please refer to CIS Kubernetes Benchmarks (
Tim Allclair
Feb 10
Proposal for vulnerability pre-announcements
The Security Response Committee is discussing a proposal to pre-announce vulnerabilities prior to the
Tabitha Sable
Jan 6
[Security Advisory] vSphere storage e2e test suite logging credentials
Hello Kubernetes Community, We have become aware that the default configuration for vSphere storage
CJ Cullen
12/24/21
[Security Advisory] fluentd-elasticsearch addon updates for log4j vulnerabilities
Hello Kubernetes Community, Elastic has released updated images for Elasticsearch containing fixes to
Red Hat Product Security, … Lisa Olson
3
12/6/21
Re: [Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access
Hi Max, Sorry, I was out last week. I understand that you are including an update Open Source library
Red Hat Product Security
11/30/21
Re: [Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver
Hello! INC1912627 ([Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver) has been
CJ Cullen
10/21/21
[Security Advisory] CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
Hello Kubernetes Community, A security issue was discovered in ingress-nginx where a user that can
prov...@babiel.com, Stephen Augustus
2
9/15/21
PROVIDSD-8966 [kubernetes-announce] [Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver
Please do not configure automated responses to this list. You're sending them to everyone. --
prov...@babiel.com
9/15/21
PROVIDSD-8965 [kubernetes-announce] [Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access
—-—-—-— Please reply above this line. Hello kubernetes-security-discuss@googlegroups
Hausler, Micah
9/15/21
[Security Advisory] CVE-2020-8561: Webhook redirect in kube-apiserver
Hello Kubernetes Community, A security issue was discovered in Kubernetes where actors that control
CJ Cullen
9/15/21
[Security Advisory] CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user may be able to
CJ Cullen
7/14/21
[Security Advisory] CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding
Hello Kubernetes Community, A security issue was discovered with Kubernetes that could enable users
CJ Cullen
5/18/21
[Security Advisory] CVE-2021-25737: Holes in EndpointSlice Validation Enable Host Network Hijack
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to
Tim Allclair, Brendan Burns
3
5/17/21
[Kubernetes Java Client] CVE-2021-25738: Code exec via yaml parsing
(oops, I also incremented the version numbers sigh) The correct unaffected versions are: > 12.0.0
Swamy Shivaganga Nagaraju
5/10/21
[Security Advisory] CVE-2021-25736: Windows kube-proxy LoadBalancer contention
Hello Kubernetes Community, A security issue was discovered in the Windows version of kube-proxy
Hausler, Micah
5/4/21
[Security Advisory] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU
Hello Kubernetes Community, A security issue was discovered in Kubernetes where an authorized user
Thormaehlen, Frederik
4/19/21
Broken links in Kubernetes CII Badge
Hello Kubernetes Product Security Committee, please check the links in your Kubernetes CII Badge
Tim Allclair
4/14/21
CVE-2021-25735: Validating Admission Webhook does not observe some previous fields
A security issue was discovered in kube-apiserver that could allow node updates to bypass a
Chris Cox
1/29/21
Right place
I hope I'm at the right place.
Brendan Burns
1/11/21
[Security Advisory] CVE-2020-8570: Path Traversal bug in the Java Kubernetes Client
Hello Kubernetes Community, A security issue was discovered in Kubernetes Java Client that could
prov...@babiel.com
12/15/20
PROVIDSD-3094 [kubernetes-announce] Re: [Security Advisory] [CSI snapshot-controller] CVE-2020-8569: snapshot-controller DoS
—-—-—-— Please reply above this line. Hello kubernetes-security-discuss@googlegroups
Tim Allclair
2
12/15/20
[Security Advisory] [CSI snapshot-controller] CVE-2020-8569: snapshot-controller DoS
Correction: Affected versions include v2.1.0 - v2.1.2. A new version, v2.1.3 has been released with