Security
Headlines
HeadlinesLatestCVEs

Tag

#kubernetes

CVE-2023-3955: CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation · Issue #119595 · kubernetes/kubernetes

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

CVE
Open in Source
#vulnerability#windows#js#kubernetes
Red Hat Security Advisory 2023-6202-01

Red Hat Security Advisory 2023-6202-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.8 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6200-01

Red Hat Security Advisory 2023-6200-01 - The multicluster engine for Kubernetes 2.1.9 General Availability release images, which contains security fixes and update container images. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6161-01

Red Hat Security Advisory 2023-6161-01 - The Migration Toolkit for Containers 1.7.14 is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6156-01

Red Hat Security Advisory 2023-6156-01 - The components for Red Hat OpenShift support for Windows Containers 8.1.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a bypass vulnerability.

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows -  CVE-2022-4886 (CVSS score: 8.8) - Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller CVE-2023-5043 (

CVE-2021-25736: For LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP by sbangari · Pull Request #99958 · kubernetes/kubernetes

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

Red Hat Security Advisory 2023-6148-01

Red Hat Security Advisory 2023-6148-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.9 General Availability release images, which provide security updates and fix bugs. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6145-01

Red Hat Security Advisory 2023-6145-01 - Multicluster Engine for Kubernetes 2.2.9 General Availability release images, which contain security updates and fix bugs. Issues addressed include a denial of service vulnerability.