K8s Vulnerabilities

The vulnerability puzzle: understanding base images and their relationship to CVEs

Have you ever heard of CVEs? Maybe not by their acronym, but Common Vulnerabilities and...

CUPS: Unraveling a Critical Vulnerability Chain in Unix Printing Systems

A series of critical vulnerabilities has been uncovered in the Common Unix Printing System (CUPS),...

CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – A Deep Dive

Attention: a new Kubernetes vulnerability was uncovered by André Storfjord Kristiansen (@dev-bio on GitHub)...

Yet another reason why the xz backdoor is a sneaky b@$tard

(We are talking about the xz/liblzma backdoor identified with CVE-2024-3094) Summary of the OpenSSH XZ...

Bombshell in SSH servers! What CVE-2024-3094 means for Kubernetes users

Read our update: Yet another reason why the xz backdoor is a sneaky b@$tard On...

Kubernetes vulnerabilities: 2023 roundup

Transparency in vulnerability disclosure plays a crucial role in effective risk management, regardless of software...

Under the hood of CVE patching

Addressing Common Vulnerabilities and Exposures, known as CVE patching, is a practice of applying updates...

Three new NGINX ingress controller vulnerabilities reported and how they affect Kubernetes

CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by an attacker to steal secret credentials from the...

Kubelet vulnerabilities on Windows nodes: CVE-2023-3676, CVE-2023-3955 and CVE-2023-3893

Kubernetes security: three new interrelated vulnerabilities affecting the Windows versions of Kubelet and the Kubernetes...

CVE-2022-47633: Kyverno’s container image signature verification can be bypassed by a malicious registry or proxy

Security researchers at ARMO have found a high-severity vulnerability in the Kyverno admission controller container...

2022 Kubernetes Vulnerabilities – Main Takeaways 

All the main K8s vulnerabilities from 2022 consolidated into one article. Read all about it...

CVE-2022-39328: Unauthorized access to arbitrary endpoints in Grafana codebase

Grafana Labs published a security advisory for a new critical vulnerability in its open-source product....
