The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of K8s

computer vulnerability CVE-2019-11244

Kubernetes: wrong access rights assignment to cached files

Synthesis of the vulnerability

When a user specifies a world-writable folder as cache, Kubernetes creates new files as world-writable. A local attacker can read and write to the user's files.
Impacted products: Kubernetes.
Severity: 1/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 24/04/2019.
Identifiers: 76676, CVE-2019-11244, VIGILANCE-VUL-29125.

Description of the vulnerability

When a user specifies a world-writable folder as cache, Kubernetes creates new files as world-writable. A local attacker can therefore read and write to the user's files.

computer vulnerability announce CVE-2019-11243

Kubernetes: credential disclosure via rest.AnonymousClientConfig

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via rest.AnonymousClientConfig() of Kubernetes, in order to obtain sensitive information.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 23/04/2019.
Identifiers: 76797, CVE-2019-11243, VIGILANCE-VUL-29107.

computer vulnerability note CVE-2019-1002101

Kubernetes: directory traversal via kubectl cp

Synthesis of the vulnerability

An attacker can traverse directories via kubectl cp of Kubernetes, in order to read a file outside the service root path.
Impacted products: Fedora, IBM API Connect, Kubernetes.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 02/04/2019.
Identifiers: CVE-2019-1002101, FEDORA-2019-bf800b1c04, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, VIGILANCE-VUL-28919.

vulnerability CVE-2019-1002100

Kubernetes: infinite loop via API Server json-patch

Synthesis of the vulnerability

An attacker can trigger an infinite loop via API Server json-patch of Kubernetes, in order to trigger a denial of service.
Impacted products: IBM API Connect, I-Connect, Kubernetes.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 04/03/2019.
Identifiers: CVE-2019-1002100, ibm10879473, VIGILANCE-VUL-28640.

computer vulnerability bulletin CVE-2018-1002101

Kubernetes: code execution via PowerShell SMB Mount

Synthesis of the vulnerability

An attacker can use a vulnerability via PowerShell SMB Mount of Kubernetes, in order to run code.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 06/12/2018.
Identifiers: 65750, CVE-2018-1002101, VIGILANCE-VUL-27968.

computer vulnerability note CVE-2018-18314

Perl Core: buffer overflow via S_regatom

Synthesis of the vulnerability

An attacker can generate a buffer overflow via S_regatom() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Kubernetes, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: bulletinapr2019, CVE-2018-18314, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27919.

computer vulnerability announce CVE-2018-18312

Perl Core: buffer overflow via Regular Expression Compilation

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Regular Expression Compilation of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Kubernetes, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: 133423, bulletinapr2019, CVE-2018-18312, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27917.

computer vulnerability alert CVE-2018-18311

Perl Core: integer overflow via Perl_my_setenv

Synthesis of the vulnerability

An attacker can generate an integer overflow via Perl_my_setenv() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Mac OS X, Debian, Fedora, Kubernetes, McAfee Web Gateway, Snap Creator Framework, OpenBSD, openSUSE Leap, Oracle Communications, Solaris, WebLogic, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: 133204, bulletinjan2019, cpujul2019, CVE-2018-18311, DLA-1601-1, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, HT209600, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, RHSA-2019:0109-01, RHSA-2019:1790-01, SB10276, SB10278, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27916.

vulnerability note 27624

Kubernetes: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Kubernetes.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: user shell.
Creation date: 26/10/2018.
Identifiers: VIGILANCE-VUL-27624.

vulnerability 27240

Kubernetes: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Kubernetes.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 17/09/2018.
Identifiers: VIGILANCE-VUL-27240.
