kubernetes-security-discuss

Contact owners and managers

1–30 of 119

Public discussion forum for the Kubernetes Release Process.

Do NOT post security issues here. Follow the Kubernetes Security Disclosure process.

0 selected

Apr 16

[Security Advisory] CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to

unread,

[Security Advisory] CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to

Apr 16

Jan 28

unread,

Jan 28

12/1/23

Kubernetes Metric-Server CVEs

Hi, I hope this is the right forum to address this to, if not could you point me in the right

unread,

Kubernetes Metric-Server CVEs

Hi, I hope this is the right forum to address this to, if not could you point me in the right

12/1/23

Craig Ingram, Darshil Desai2

11/14/23

[Security Advisory] CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes

This is a no-op. Details here: https://jira.sc-corp.net/browse/VULN-17919 On Tue, Nov 14, 2023 at 9:

unread,

[Security Advisory] CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes

This is a no-op. Details here: https://jira.sc-corp.net/browse/VULN-17919 On Tue, Nov 14, 2023 at 9:

11/14/23

CJ Cullen, Darshil Desai2

10/25/23

[Ingress-nginx Security Advisory] CVE-2022-4886: Ingress-nginx `path` sanitization can be bypassed with `log_format` directive

Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

unread,

[Ingress-nginx Security Advisory] CVE-2022-4886: Ingress-nginx `path` sanitization can be bypassed with `log_format` directive

Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

10/25/23

CJ Cullen, Darshil Desai2

10/25/23

[Ingress-nginx Security Advisory] CVE-2023-5043: Ingress nginx annotation injection causes arbitrary command execution

Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

unread,

[Ingress-nginx Security Advisory] CVE-2023-5043: Ingress nginx annotation injection causes arbitrary command execution

Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

10/25/23

CJ Cullen, Darshil Desai2

10/25/23

[Ingress-nginx Security Advisory] CVE-2023-5044: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

unread,

[Ingress-nginx Security Advisory] CVE-2023-5044: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

Thanks we are looking into this On Wed, Oct 25, 2023 at 9:29 AM 'CJ Cullen' via kubernetes-

10/25/23

10/14/23

unread,

10/14/23

Nikhita Raghunath, Craig Ingram2

10/10/23

SECURITY_CONTACTS in k/k out of date

Hi Nikhita, Thanks for sharing, that's a great catch. I created a PR (https://github.com/

unread,

SECURITY_CONTACTS in k/k out of date

Hi Nikhita, Thanks for sharing, that's a great catch. I created a PR (https://github.com/

10/10/23

8/23/23

[Security Advisory] CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

unread,

[Security Advisory] CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

8/23/23

8/23/23

[Security Advisory] CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

unread,

[Security Advisory] CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

8/23/23

8/23/23

[Security Advisory] CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

unread,

[Security Advisory] CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation

Hello Kubernetes Community, A security issue was discovered in Kubernetes where a user that can

8/23/23

8/10/23

Re: How can we serve Open Source CNA's better?

Hello there I just thought to reach out and share that we are excited and looking forward to your

unread,

Re: How can we serve Open Source CNA's better?

Hello there I just thought to reach out and share that we are excited and looking forward to your

8/10/23

6/21/23

[kOps Security Advisory] CVE-2023-1943: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode

Issue Details A security issue was reported in kOps with the GCP Provider running in Gossip Mode,

unread,

[kOps Security Advisory] CVE-2023-1943: Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode

Issue Details A security issue was reported in kOps with the GCP Provider running in Gossip Mode,

6/21/23

Vellore Rajakumar, Sri Saran Balaji, … Vellore Rajakumar, Sri Saran Balaji3

6/15/23

[Security Advisory] CVE-2023-2431: Bypass of seccomp profile enforcement

Thank you Sean for reporting this. CVE details are not yet published to CVE service, should be

unread,

[Security Advisory] CVE-2023-2431: Bypass of seccomp profile enforcement

Thank you Sean for reporting this. CVE details are not yet published to CVE service, should be

6/15/23

Rita Zhang, Red Hat Product Security2

6/15/23

[Security Advisory] CVE-2023-2727: Bypassing policies imposed by the ImagePolicyWebhook admission plugin

Hello! INC2647624 ([Security Advisory] CVE-2023-2727: Bypassing policies imposed by the

unread,

[Security Advisory] CVE-2023-2727: Bypassing policies imposed by the ImagePolicyWebhook admission plugin

Hello! INC2647624 ([Security Advisory] CVE-2023-2727: Bypassing policies imposed by the

6/15/23

6/15/23

[Security Advisory] CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to

unread,

[Security Advisory] CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may be able to

6/15/23

6/5/23

[Security Issue] Warning the insecure usages of eBPF

Hello, I'm writing this thread to uncover the hazards of eBPF misuse to the Docker and Kuberentes

unread,

[Security Issue] Warning the insecure usages of eBPF

Hello, I'm writing this thread to uncover the hazards of eBPF misuse to the Docker and Kuberentes

6/5/23

5/25/23

[Security Advisory] CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs

Hello Kubernetes Community, A security issue was discovered in secrets-store-csi-driver where an

unread,

[Security Advisory] CVE-2023-2878: secrets-store-csi-driver discloses service account tokens in logs

Hello Kubernetes Community, A security issue was discovered in secrets-store-csi-driver where an

5/25/23

Abdullah, Mohammad

5/17/23

Found 1 critical and 4 high vulnerabilities in kube-state-metrics:v2.8.2

Hi All, Find below the 4 high and 1 critical vulnerability found in kube-state-metrics:v2.8.2 image.

unread,

Found 1 critical and 4 high vulnerabilities in kube-state-metrics:v2.8.2

Hi All, Find below the 4 high and 1 critical vulnerability found in kube-state-metrics:v2.8.2 image.

5/17/23

Vellore Rajakumar, Sri Saran Balaji

4/12/23

[Security Advisory] CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password

Hello Kubernetes Community, We have released minikube v1.30.0 to address two security issues in

unread,

[Security Advisory] CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password

Hello Kubernetes Community, We have released minikube v1.30.0 to address two security issues in

4/12/23

2/5/23

FW: [EXTN] Re: node-problem-detector image Vulnerabilities

Hi All, We are scanning image node-problem-detector:v0.8.12 and found that this image have many

unread,

FW: [EXTN] Re: node-problem-detector image Vulnerabilities

Hi All, We are scanning image node-problem-detector:v0.8.12 and found that this image have many

2/5/23

1/31/23

[Kubernetes Java Client] Kubernetes Java client impacted by CVE-2022-1471

Issue Details A security issue was discovered in the Kubernetes Java client library where loading

unread,

[Kubernetes Java Client] Kubernetes Java client impacted by CVE-2022-1471

Issue Details A security issue was discovered in the Kubernetes Java client library where loading

1/31/23

Satish Suradkar, Justin Santa Barbara2

1/31/23

Fwd: EOL in sigs.k8s.io/yaml

I wasn't able to find any documentation that this library is actually EOL - do you have a source

unread,

Fwd: EOL in sigs.k8s.io/yaml

I wasn't able to find any documentation that this library is actually EOL - do you have a source

1/31/23

1/17/23

AWS Cloud Lead Developer

AWS Cloud Lead Developer needed in Plano, TX, Columbus, OH, Wilmington, DE, or NY. Onsite position

unread,

AWS Cloud Lead Developer

AWS Cloud Lead Developer needed in Plano, TX, Columbus, OH, Wilmington, DE, or NY. Onsite position

1/17/23

1/17/23

OpenShift Devops Position - Remote

Hello, Aarya here from Blink Technology Partners! At the moment, I am fulfilling the requirements of

unread,

OpenShift Devops Position - Remote

Hello, Aarya here from Blink Technology Partners! At the moment, I am fulfilling the requirements of

1/17/23

11/10/22

[Security Advisory] CVE-2022-3294: Node address isn't always verified when proxying

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may have access

unread,

[Security Advisory] CVE-2022-3294: Node address isn't always verified when proxying

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users may have access

11/10/22

11/10/22

[Security Advisory] CVE-2022-3162: Unauthorized read of Custom Resources

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users authorized to

unread,

[Security Advisory] CVE-2022-3162: Unauthorized read of Custom Resources

Hello Kubernetes Community, A security issue was discovered in Kubernetes where users authorized to

11/10/22

Monis Khan, Michał Sochoń2

9/16/22

[Security Advisory] CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

my eyes On Fri, 16 Sept 2022 at 21:38, Monis Khan <i...@monis.app> wrote: > > Hello

unread,

[Security Advisory] CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

my eyes On Fri, 16 Sept 2022 at 21:38, Monis Khan <i...@monis.app> wrote: > > Hello

9/16/22

Pushkar Joglekar

9/15/22

[Security Advisory] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers

Hello Kubernetes Community, A security issue was discovered in Kubernetes that could allow Windows

unread,

[Security Advisory] CVE-2021-25749: runAsNonRoot logic bypass for Windows containers

Hello Kubernetes Community, A security issue was discovered in Kubernetes that could allow Windows

9/15/22

Search

Clear search

Close search

Google apps

Main menu