kubernetes-security-discuss
Public discussion forum for the Kubernetes Release Process.
Do NOT post security issues here. Follow the Kubernetes Security Disclosure process.

Craig Ingram, Red Hat Product Security (2 messages), Nov 21
[Security Advisory] CVE-2024-10220: Arbitrary command execution through gitRepo volume
Hello! INC3249969 ([Security Advisory] CVE-2024-10220: Arbitrary command execution through gitRepo

Joel Smith, Oct 14
[Security Advisory] CVE-2024-9486 and CVE-2024-9594: VM images built with Kubernetes Image Builder use default credentials
Hello Kubernetes Community, A security issue was discovered in Kubernetes where an unauthorized user

Craig Ingram, Red Hat Product Security (2 messages), Aug 19
[Ingress-nginx Security Advisory] CVE-2024-7646: Ingress-nginx Annotation Validation Bypass
Hello! INC3040138 ([Ingress-nginx Security Advisory] CVE-2024-7646: Ingress-nginx Annotation

Craig Ingram, Jul 17
[Security Advisory] CVE-2024-5321: Incorrect permissions on Windows containers logs
Hello Kubernetes Community, A security issue was discovered in Kubernetes clusters with Windows nodes

Rita Zhang, Yuan Yan (3 messages), May 14
[Security Advisory] CVE-2024-3744: azure-file-csi-driver discloses service account tokens in logs
See the GitHub issue for more details: https://github.com/kubernetes/kubernetes/issues/124759 On Wed,

Rita Zhang, Apr 16
[Security Advisory] CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to

kan yashuda, Jan 28

Chris Doble, 12/1/23
Kubernetes Metric-Server CVEs
Hi, I hope this is the right forum to address this to, if not could you point me in the right

Craig Ingram, Darshil Desai (2 messages), 11/14/23
[Security Advisory] CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
This is a no-op. Details here: https://jira.sc-corp.net/browse/VULN-17919 On Tue, Nov 14, 2023 at 9:

CJ Cullen, Darshil Desai (2 messages), 10/25/23
[Ingress-nginx Security Advisory] CVE-2022-4886: Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

CJ Cullen, Darshil Desai (2 messages), 10/25/23
[Ingress-nginx Security Advisory] CVE-2023-5043: Ingress nginx annotation injection causes arbitrary command execution
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

CJ Cullen, Darshil Desai (2 messages), 10/25/23
[Ingress-nginx Security Advisory] CVE-2023-5044: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

Mehrad Mordi, 10/14/23

Nikhita Raghunath, Craig Ingram (2 messages), 10/10/23
SECURITY_CONTACTS in k/k out of date
Hi Nikhita, Thanks for sharing, that's a great catch. I created a PR (https://github.com/

Rita Zhang, 8/23/23
[Security Advisory] CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

Rita Zhang, 8/23/23
[Security Advisory] CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

Rita Zhang, 8/23/23
[Security Advisory] CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation
Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

Yogesh Mittal, 8/10/23
Re: How can we serve Open Source CNA's better?
Hello there I just thought to reach out and share that we are excited and looking forward to your

CJ Cullen, 6/21/23
[kOps Security Advisory] CVE-2023-1943: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode
Issue Details A security issue was reported in kOps with the GCP Provider running in Gossip Mode,

Vellore Rajakumar, Sri Saran Balaji, … (3 messages), 6/15/23
[Security Advisory] CVE-2023-2431: Bypass of seccomp profile enforcement
Thank you Sean for reporting this. CVE details are not yet published to CVE service, should be

Rita Zhang, Red Hat Product Security (2 messages), 6/15/23
[Security Advisory] CVE-2023-2727: Bypassing policies imposed by the ImagePolicyWebhook admission plugin
Hello! INC2647624 ([Security Advisory] CVE-2023-2727: Bypassing policies imposed by the

Rita Zhang, 6/15/23
[Security Advisory] CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to

fripSide, 6/5/23
[Security Issue] Warning the insecure usages of eBPF
Hello, I'm writing this thread to uncover the hazards of eBPF misuse to the Docker and Kubernetes

Monis Khan, 5/25/23
[Security Advisory] CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs
Hello Kubernetes Community, A security issue was discovered in secrets-store-csi-driver where an

Abdullah, Mohammad, 5/17/23
Found 1 critical and 4 high vulnerabilities in kube-state-metrics:v2.8.2
Hi All, Find below the 4 high and 1 critical vulnerability found in kube-state-metrics:v2.8.2 image.

Vellore Rajakumar, Sri Saran Balaji, 4/12/23
[Security Advisory] CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password
Hello Kubernetes Community, We have released minikube v1.30.0 to address two security issues in

Man, Eric W L, 2/5/23
FW: [EXTN] Re: node-problem-detector image Vulnerabilities
Hi All, We are scanning image node-problem-detector:v0.8.12 and found that this image has many

CJ Cullen, 1/31/23
[Kubernetes Java Client] Kubernetes Java client impacted by CVE-2022-1471
Issue Details A security issue was discovered in the Kubernetes Java client library where loading

Satish Suradkar, Justin Santa Barbara (2 messages), 1/31/23
Fwd: EOL in sigs.k8s.io/yaml
I wasn't able to find any documentation that this library is actually EOL - do you have a source

Taathastu Roy, 1/17/23
AWS Cloud Lead Developer
AWS Cloud Lead Developer needed in Plano, TX, Columbus, OH, Wilmington, DE, or NY. Onsite position