Vulnerabilities
Vulnerable Software
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
CVSS Score: 3.0
EPSS Score: 0.004
Published: 2022-01-07
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
CVSS Score: 8.8
EPSS Score: 0.33
Published: 2021-09-20
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
CVSS Score: 2.7
EPSS Score: 0.009
Published: 2021-09-06
The Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
CVSS Score: 6.3
EPSS Score: 0.248
Published: 2021-01-21

