| Injection in path parameter of Ingress-nginx |
Code Injection |
fisjkars |
High |
2026-03-07 |
| elections.k8s.io uses weak session secret key, may place elections at risk |
Cryptographic Issues - Generic |
ian |
High |
2025-09-19 |
| monitoring.prow-canary.k8s.io is vulnerable to CVE-2022-21703 (Grafana 0-day) |
Cross-Site Request Forgery (CSRF) |
jub0bs |
Low |
2024-06-25 |
| CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes |
Code Injection |
tomerpeled92 |
High |
2023-12-21 |
| Ingress nginx annotation injection causes arbitrary command execution |
Code Injection |
suanve |
High |
2023-11-24 |
| RCE on ingress-nginx-controller via Ingress spec.rules.http.paths.path field |
Code Injection |
ginoah |
High |
2023-10-26 |
| Code inject via nginx.ingress.kubernetes.io/permanent-redirect annotation |
Code Injection |
jkroepke |
High |
2023-10-25 |
| Privilege Escalation in kOps using GCE/GCP Provider |
Privilege Escalation |
jpts |
High |
2023-08-04 |
| Git Arg Injection in kubernetes-sigs/release-sdk |
None supplied |
snoopysecurity |
Low |
2023-05-25 |
| Bypass validation parts in AWS IAM Authenticator for Kubernetes |
Improper Authentication - Generic |
0ria |
High |
2023-05-25 |
| The `io.kubernetes.client.util.generic.dynamic.Dynamics` contains a code execution vulnerability due to SnakeYAML |
Code Injection |
jlleitschuh |
Medium |
2023-04-25 |
| File Read Vulnerability allows Attackers to Compromise S3 buckets using Prow |
Improper Access Control - Generic |
stealthy |
Medium |
2023-04-25 |
| SSRF vulnerability can be exploited when a hijacked aggregated api server such as metrics-server returns 30X |
Server-Side Request Forgery (SSRF) |
weinongw |
Medium |
2022-12-10 |
| Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces |
Code Injection |
amlweems |
High |
2022-08-13 |
| Ingress-nginx path allows retrieval of ingress-nginx serviceaccount token |
Privilege Escalation |
0ria |
High |
2022-08-06 |
| Github Account Takeover from Docs page of `kubernetes-csi.github.io` |
Improper Access Control - Generic |
codermak |
Low |
2022-06-04 |
| AWS Load Balancer Controller Managed Security Groups can be replaced by an unprivileged attacker |
Resource Injection |
t0rr3sp3dr0 |
Medium |
2022-06-02 |
| AWS Load Balancer Controller can be used by an attacker to modify rules of any Security Group that they are able to tag |
Resource Injection |
t0rr3sp3dr0 |
Medium |
2022-06-02 |
| Attacker can bypass authentication build on ingress external auth (`nginx.ingress.kubernetes.io/auth-url`) |
Improper Authentication - Generic |
thisbug |
Medium |
2022-04-23 |
| Broken Domain Link Takeover from kubernetes.io docs |
Insecure Temporary File |
0xlegendkiller |
Low |
2022-04-03 |
| Broken link hijacking in https://kubernetes-csi.github.io/docs/drivers.html?highlight=chubaofs#production-drivers |
Insecure Temporary File |
0xlegendkiller |
Low |
2022-03-25 |
| Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS |
Improper Access Control - Generic |
codermak |
Medium |
2021-12-16 |
| Broken Link Takeover from kubernetes.io docs |
Improper Access Control - Generic |
codermak |
Low |
2021-12-16 |
| Broken Github Link Used in deployment docs of "github.com/kubernetes/kompose" |
Improper Access Control - Generic |
codermak |
Medium |
2021-12-16 |
| Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces |
Privilege Escalation |
libio |
High |
2021-12-04 |
| IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements |
Man-in-the-Middle |
champtar |
Medium |
2021-11-07 |
| Broken Link Hijacking on kubernetes.io Documentation |
Improper Access Control - Generic |
codermak |
Low |
2021-11-06 |
| Broken link hijacing in https://kubernetes-csi.github.io/docs/drivers.html |
Violation of Secure Design Principles |
milan0 |
Medium |
2021-11-06 |
| Tokenless GUI Authentication |
Improper Authentication - Generic |
seanland |
Medium |
2021-11-04 |
| Man in the middle using LoadBalancer or ExternalIPs services |
Man-in-the-Middle |
champtar |
Medium |
2021-11-04 |
| Man in the middle leading to root privilege escalation using hostNetwork=true (CAP_NET_RAW considered harmful) |
Man-in-the-Middle |
champtar |
Medium |
2021-10-08 |
| SSRF for kube-apiserver cloudprovider scene |
Server-Side Request Forgery (SSRF) |
lazydog |
Medium |
2021-10-07 |
| Holes in EndpointSlice Validation Enable Host Network Hijack |
Privilege Escalation |
howardjohn |
Low |
2021-09-05 |
| Node Validation Admission does not observe all oldObject fields |
Improper Access Control - Generic |
ariellima |
Medium |
2021-09-05 |
| Index Out Of Bounds in protobuf unmarshalling |
Buffer Over-read |
pulpkk |
None |
2021-08-30 |
| kubectl creating secrets from stringData leaves secret in plain text |
Cleartext Storage of Sensitive Information |
max_lan |
Low |
2021-08-21 |
| Loading YAML in Java client can lead to command execution |
Deserialization of Untrusted Data |
j0v |
Medium |
2021-08-07 |
| Bypass apiserver proxy filter |
Time-of-check Time-of-use (TOCTOU) Race Condition |
javierprovecho |
Medium |
2021-05-27 |
| SHA512 incorrect on most/many releases |
Cryptographic Issues - Generic |
ronald_petty |
Medium |
2021-05-09 |
| Code Injection via Insecure Yaml.load |
Code Injection |
r44mb00 |
Low |
2021-05-01 |
| KOPS documentation references domains which were not registered |
Privilege Escalation |
sml555 |
Low |
2021-04-02 |
| API Server DoS (crash?) if many large resources (~1MB each) are concurrently/repeatedly sent to an external Validating WebHook endpoint |
Uncontrolled Resource Consumption |
bradgeesaman |
Medium |
2021-04-01 |
| Kubelet follows symlinks as root in /var/log from the /logs server endpoint |
Privilege Escalation |
danielsagi |
Medium |
2021-04-01 |
| Subdomain Takeover Via via Dangling NS records on Amazon Route 53 http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io |
Improper Authentication - Generic |
todayisnew |
Medium |
2020-11-29 |
| secret leaks in vsphere cloud controller manager log |
Cleartext Storage of Sensitive Information |
derek0405 |
Medium |
2020-11-29 |
| CVE-2019-11250 remains in effect. |
Cleartext Storage of Sensitive Information |
purelyapplied |
Medium |
2020-11-29 |
| kubeadm logs tokens before deleting them |
Insufficiently Protected Credentials |
mlevesquedion |
Low |
2020-11-21 |
| Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests |
Denial of Service |
mr_incompetent |
Medium |
2020-10-31 |
| Grafana Improper authorization |
Improper Authorization |
lazydog |
Low |
2020-10-31 |
| Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service. |
Server-Side Request Forgery (SSRF) |
reeverzax |
High |
2020-10-30 |
| Compromise of node can lead to compromise of pods on other nodes |
None supplied |
wtm |
Medium |
2020-10-30 |
| Compromise of auth via subset/superset namespace names. |
Authentication Bypass Using an Alternate Path or Channel |
alex_orange |
Medium |
2020-10-30 |
| Fake email from <any_name>@kubernetes.io to any other email |
None supplied |
lamscun |
None |
2020-07-24 |
| DoS for client-go jsonpath func |
Denial of Service |
lazydog |
Low |
2020-07-24 |
| Node disk DOS by writing to container /etc/hosts |
Denial of Service |
kebe |
Medium |
2020-07-22 |
Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles