Kubernetes


22 total issues disclosed

$18,700 total paid publicly


Most disclosed (3 disclosures) — Denial of Service

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces Privilege Escalation libio High 2021-12-04
IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements Man-in-the-Middle champtar Medium 2021-11-07
Broken Link Hijacking on kubernetes.io Documentation Improper Access Control - Generic codermak Low 2021-11-06
Broken link hijacing in https://kubernetes-csi.github.io/docs/drivers.html Violation of Secure Design Principles milan0 Medium 2021-11-06
Tokenless GUI Authentication Improper Authentication - Generic seanland Medium 2021-11-04
Man in the middle using LoadBalancer or ExternalIPs services Man-in-the-Middle champtar Medium 2021-11-04
SSRF for kube-apiserver cloudprovider scene Server-Side Request Forgery (SSRF) lazydog Medium 2021-10-07
Node Validation Admission does not observe all oldObject fields Improper Access Control - Generic ariellima Medium 2021-09-05
kubectl creating secrets from stringData leaves secret in plain text Cleartext Storage of Sensitive Information max_lan Low 2021-08-21
Loading YAML in Java client can lead to command execution Deserialization of Untrusted Data j0v Medium 2021-08-07
Subdomain Takeover Via via Dangling NS records on Amazon Route 53 http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io Improper Authentication - Generic todayisnew Medium 2020-11-29
secret leaks in vsphere cloud controller manager log Cleartext Storage of Sensitive Information derek0405 Medium 2020-11-29
CVE-2019-11250 remains in effect. Cleartext Storage of Sensitive Information purelyapplied Medium 2020-11-29
kubeadm logs tokens before deleting them Insufficiently Protected Credentials mlevesquedion Low 2020-11-21
Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests Denial of Service mr_incompetent Medium 2020-10-31
Grafana Improper authorization Improper Authorization lazydog Low 2020-10-31
Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service. Server-Side Request Forgery (SSRF) reeverzax High 2020-10-30
Compromise of node can lead to compromise of pods on other nodes None supplied wtm Medium 2020-10-30
Compromise of auth via subset/superset namespace names. Authentication Bypass Using an Alternate Path or Channel alex_orange Medium 2020-10-30
Fake email from <any_name>@kubernetes.io to any other email None supplied lamscun None 2020-07-24
DoS for client-go jsonpath func Denial of Service lazydog Low 2020-07-24
Node disk DOS by writing to container /etc/hosts Denial of Service kebe Medium 2020-07-22