Kubernetes: Security Vulnerabilities
A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can potentially result in unauthorized access, modification, or deletion of data from the underlying Enterprise Geodatabase.
CVSS Score
10.0
EPSS Score
0.002
Published
2025-10-22
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
CVSS Score
8.1
EPSS Score
0.016
Published
2024-06-12
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
CVSS Score
7.2
EPSS Score
0.189
Published
2023-11-14
A security issue was discovered in kube-apiserver that allows an
aggregated API server to redirect client traffic to any URL. This could
lead to the client performing unexpected actions as well as forwarding
the client's API server credentials to third parties.
CVSS Score
5.1
EPSS Score
0.025
Published
2023-11-03
A security issue was discovered in Kubernetes where a user that can
create pods on Windows nodes running kubernetes-csi-proxy may be able to
escalate to admin privileges on those nodes. Kubernetes clusters are
only affected if they include Windows nodes running
kubernetes-csi-proxy.
CVSS Score
8.8
EPSS Score
0.037
Published
2023-11-03
A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
CVSS Score
8.8
EPSS Score
0.413
Published
2023-10-31
A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
CVSS Score
8.8
EPSS Score
0.008
Published
2023-10-31
Kube-proxy
on Windows can unintentionally forward traffic to local processes
listening on the same port (“spec.ports[*].port”) as a LoadBalancer
Service when the LoadBalancer controller
does not set the “status.loadBalancer.ingress[].ip” field. Clusters
where the LoadBalancer controller sets the
“status.loadBalancer.ingress[].ip” field are unaffected.
CVSS Score
5.8
EPSS Score
0.001
Published
2023-10-30
Ingress nginx annotation injection causes arbitrary command execution.
CVSS Score
7.6
EPSS Score
0.041
Published
2023-10-25
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
CVSS Score
7.6
EPSS Score
0.089
Published
2023-10-25
Page 1