-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
- Loading branch information
Showing
4 changed files
with
79 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| cve: CVE-2021-25749 | ||
| issueUrl: https://github.com/kubernetes/kubernetes/issues/112192 | ||
| published: 2022-09-15T00:00Z | ||
| description: A security issue was discovered in Kubernetes that could allow Windows workloads to run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | ||
| components: | ||
| - kubelet | ||
| cvss: | ||
| kubernetes: | ||
| scoreV3: 7.8 | ||
| vectorV3: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | ||
| affected: | ||
| - range: ">= 1.20, <= 1.22.13" | ||
| fixedBy: "1.22.14" | ||
| - range: ">= 1.23.0, <= 1.23.10" | ||
| fixedBy: "1.23.11" | ||
| - range: ">= 1.24.0, <= 1.24.4" | ||
| fixedBy: "1.24.5" | ||
| - range: ">= 1.25, < 1.25.0" | ||
| fixedBy: "1.25.0" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| cve: CVE-2023-3676 | ||
| issueUrl: https://github.com/kubernetes/kubernetes/issues/119339 | ||
| published: 2023-07-14T00:00Z | ||
| description: A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | ||
| components: | ||
| - kubelet | ||
| cvss: | ||
| kubernetes: | ||
| scoreV3: 8.8 | ||
| vectorV3: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | ||
| affected: | ||
| - range: "<= 1.24.16" | ||
| fixedBy: "1.24.17" | ||
| - range: ">= 1.25, <= 1.25.12" | ||
| fixedBy: "1.25.13" | ||
| - range: ">= 1.26, <= 1.26.7" | ||
| fixedBy: "1.26.8" | ||
| - range: ">= 1.27, <= 1.27.4" | ||
| fixedBy: "1.27.5" | ||
| - range: ">= 1.28, < 1.28.1" | ||
| fixedBy: "1.28.1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| cve: CVE-2023-3955 | ||
| issueUrl: https://github.com/kubernetes/kubernetes/issues/119595 | ||
| published: 2023-07-14T00:00Z | ||
| description: A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | ||
| components: | ||
| - kubelet | ||
| cvss: | ||
| kubernetes: | ||
| scoreV3: 8.8 | ||
| vectorV3: CVSS:3.1/av:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | ||
| affected: | ||
| - range: "<= 1.24.16" | ||
| fixedBy: "1.24.17" | ||
| - range: ">= 1.25, <= 1.25.12" | ||
| fixedBy: "1.25.13" | ||
| - range: ">= 1.26, <= 1.26.7" | ||
| fixedBy: "1.26.8" | ||
| - range: ">= 1.27, <= 1.27.4" | ||
| fixedBy: "1.27.5" | ||
| - range: ">= 1.28, < 1.28.1" | ||
| fixedBy: "1.28.1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| cve: CVE-2024-3177 | ||
| issueUrl: https://github.com/kubernetes/kubernetes/issues/124336 | ||
| published: 2024-04-16T00:00Z | ||
| description: | | ||
| A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. | ||
| components: | ||
| - kube-apiserver | ||
| cvss: | ||
| kubernetes: | ||
| scoreV3: 2.7 | ||
| vectorV3: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | ||
| affected: | ||
| - range: "<= 1.27.12" | ||
| fixedBy: "1.27.13" | ||
| - range: ">= 1.28, <= 1.28.8" | ||
| fixedBy: "1.28.9" | ||
| - range: ">= 1.29, <= 1.29.3" | ||
| fixedBy: "1.29.4" |