The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of K8s

computer vulnerability CVE-2019-11244

Kubernetes: wrong access right assignment to cached files

Synthesis of the vulnerability

When a user specifies a world-writable folder as cache, Kubernetes creates new files as world-writable. A local attacker can read and write to the user's files.
Impacted products: Kubernetes.
Severity: 1/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 24/04/2019.
Identifiers: 76676, CVE-2019-11244, VIGILANCE-VUL-29125.

Description of the vulnerability

When a user specifies a world-writable folder as cache, Kubernetes creates new files as world-writable. A local attacker can therefore read and write to the user's files.

vulnerability CVE-2019-1002100

Kubernetes: infinite loop via API Server json-patch

Synthesis of the vulnerability

An attacker can trigger an infinite loop via API Server json-patch of Kubernetes, in order to trigger a denial of service.
Impacted products: IBM API Connect, I-Connect, Kubernetes.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 04/03/2019.
Identifiers: CVE-2019-1002100, ibm10879473, VIGILANCE-VUL-28640.


computer vulnerability bulletin CVE-2018-1002101

Kubernetes: code execution via PowerShell Smb Mount

Synthesis of the vulnerability

An attacker can use a vulnerability via PowerShell Smb Mount of Kubernetes, in order to run code.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 06/12/2018.
Identifiers: 65750, CVE-2018-1002101, VIGILANCE-VUL-27968.


vulnerability note 27624

Kubernetes: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Kubernetes.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: user shell.
Creation date: 26/10/2018.
Identifiers: VIGILANCE-VUL-27624.


vulnerability 27240

Kubernetes: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Kubernetes.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 17/09/2018.
Identifiers: VIGILANCE-VUL-27240.


computer vulnerability announce 27187

event-exporter: vulnerability

Synthesis of the vulnerability

A vulnerability of event-exporter was announced.
Impacted products: Kubernetes, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 10/09/2018.
Identifiers: VIGILANCE-VUL-27187.


computer vulnerability bulletin CVE-2018-1002100

Kubernetes: directory traversal via TAR Archives

Synthesis of the vulnerability

An attacker can traverse directories via TAR Archives of Kubernetes, in order to create a file outside the service root path.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 04/06/2018.
Identifiers: 61297, CVE-2018-1002100, VIGILANCE-VUL-26308.


vulnerability CVE-2018-11235

git: code execution via gitmodules

Synthesis of the vulnerability

An attacker can use a vulnerability via gitmodules of git, in order to run code.
Impacted products: Debian, Fedora, Kubernetes, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 30/05/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-263, CVE-2018-11235, DSA-4212-1, FEDORA-2018-080a3d7866, FEDORA-2018-75f7624a9f, FEDORA-2018-94eb743dad, FEDORA-2018-b10e54263a, openSUSE-SU-2018:1553-1, openSUSE-SU-2018:2502-1, openSUSE-SU-2018:3519-1, RHSA-2018:1957-01, RHSA-2018:2147-01, SSA:2018-152-01, SUSE-SU-2018:1566-1, SUSE-SU-2018:1872-1, SUSE-SU-2018:2469-1, SUSE-SU-2018:3440-1, USN-3671-1, VIGILANCE-VUL-26260.


computer vulnerability 25775

Kubernetes: vulnerability via Cluster Autoscaler

Synthesis of the vulnerability

A vulnerability via Cluster Autoscaler of Kubernetes was announced.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: intranet client.
Creation date: 04/04/2018.
Identifiers: VIGILANCE-VUL-25775.


vulnerability alert CVE-2017-1002101 CVE-2017-1002102

Kubernetes: two vulnerabilities via Volume Subsystem

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Volume Subsystem of Kubernetes.
Impacted products: Fedora, Kubernetes.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/03/2018.
Identifiers: CVE-2017-1002101, CVE-2017-1002102, FEDORA-2018-16c8fdf9b8, FEDORA-2018-9b965c4eed, VIGILANCE-VUL-25531.
