Kubernetes: >> Kubernetes Security Vulnerabilities
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-09-14
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
CVSS Score
3.1
EPSS Score
0.001
Published
2017-08-07
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-07-17
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
CVSS Score
5.3
EPSS Score
0.004
Published
2016-04-11
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
CVSS Score
9.8
EPSS Score
0.047
Published
2016-02-03
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
CVSS Score
7.7
EPSS Score
0.003
Published
2016-02-03
Page 6