CVE Database
XZ vulnerability
CVE-2024-3094
March 29, 2024 - Red Hat disclosed CVE-2024-3094 (a.k.a. the XZ vulnerability), scoring a critical CVSS rating of 10. Stemming from a supply chain compromise, it affects the latest iterations of XZ tools and libraries. The CVE was identified by a software engineer following the discovery of...
3 new NGINX ingress controller vulnerabilities
CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886
Oct 27, 2023 - Three security issues were reported by the Kubernetes security community, all of them related to the popular NGINX ingress component. CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by an attacker to steal secret credentials from the cluster.
Kubelet vulnerabilities on Windows nodes
CVE-2023-3676, CVE-2023-3955 and CVE-2023-3893
Aug 23, 2023 - The Kubernetes Security Response Committee disclosed three interrelated vulnerabilities affecting the Windows versions of Kubelet and the Kubernetes CSI proxy. These vulnerabilities pose a significant risk, allowing even users with limited permissions to escalate...
Kyverno’s container image signature verification can be bypassed
CVE-2022-47633
Dec 21, 2022 - The vulnerability enables an attacker who is either running a malicious container image registry or is able to act as a proxy between the registry and Kyverno to inject unsigned images into the protected cluster, bypassing the image verification policy.
Unauthorized access to arbitrary endpoints in Grafana codebase
CVE-2022-39328
Nov 11, 2022 - Grafana Labs published a security advisory for a new critical vulnerability in its open-source product. The vulnerability, marked as CVE-2022-39328, enables attackers to bypass authorization on arbitrary service endpoints.
kube-apiserver vulnerability
CVE-2022-3172
Sep 19, 2022 - A new vulnerability was reported on Sep 16th in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. As a result, the client may perform unexpected actions and share the API server credentials with third parties.