Kubernetes: Security Vulnerabilities
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-07-17
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
CVSS Score
5.3
EPSS Score
0.004
Published
2016-04-11
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
CVSS Score
9.8
EPSS Score
0.025
Published
2016-02-03
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
CVSS Score
7.7
EPSS Score
0.002
Published
2016-02-03
Page 10