The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of K8s

computer vulnerability note CVE-2019-11246

Kubernetes: directory traversal via kubectl cp

Synthesis of the vulnerability

An attacker can traverse directories via kubectl cp of Kubernetes, in order to read a file outside the service root path.
Impacted products: Fedora, IBM API Connect, Kubernetes.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 21/06/2019.
Identifiers: CVE-2019-11246, FEDORA-2019-2b8ef08c95, ibm10960606, VIGILANCE-VUL-29589.


vulnerability bulletin CVE-2019-11245

Kubernetes kubelet: privilege escalation via Root Uid Container

Synthesis of the vulnerability

An attacker can bypass restrictions via Root Uid Container of Kubernetes kubelet, in order to escalate privileges.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 03/06/2019.
Identifiers: CVE-2019-11245, VIGILANCE-VUL-29443.


computer vulnerability CVE-2019-11244

Kubernetes: wrong access right assignment to cached files

Synthesis of the vulnerability

When a user specifies a world-writable folder as cache, Kubernetes creates new files as world-writable. A local attacker can read and write the user's files.
Impacted products: Kubernetes.
Severity: 1/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 24/04/2019.
Identifiers: 76676, CVE-2019-11244, VIGILANCE-VUL-29125.


computer vulnerability announce CVE-2019-11243

Kubernetes: credential disclosure via rest.AnonymousClientConfig

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via rest.AnonymousClientConfig() of Kubernetes, in order to obtain sensitive information.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 23/04/2019.
Identifiers: 76797, CVE-2019-11243, VIGILANCE-VUL-29107.


computer vulnerability note CVE-2019-1002101

Kubernetes: directory traversal via Kubectl Cp

Synthesis of the vulnerability

An attacker can traverse directories via Kubectl Cp of Kubernetes, in order to read a file outside the service root path.
Impacted products: Fedora, IBM API Connect, Kubernetes.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user shell.
Creation date: 02/04/2019.
Identifiers: CVE-2019-1002101, FEDORA-2019-bf800b1c04, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, VIGILANCE-VUL-28919.


vulnerability CVE-2019-1002100

Kubernetes: infinite loop via API Server json-patch

Synthesis of the vulnerability

An attacker can trigger an infinite loop via API Server json-patch of Kubernetes, in order to trigger a denial of service.
Impacted products: IBM API Connect, I-Connect, Kubernetes.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 04/03/2019.
Identifiers: CVE-2019-1002100, ibm10879473, VIGILANCE-VUL-28640.


computer vulnerability alert CVE-2018-16873 CVE-2018-16874 CVE-2018-16875

Go: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Go.
Impacted products: Docker CE, Kubernetes, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, data creation/edition, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 19/12/2018.
Identifiers: CVE-2018-16873, CVE-2018-16874, CVE-2018-16875, openSUSE-SU-2018:4181-1, openSUSE-SU-2018:4255-1, openSUSE-SU-2018:4306-1, openSUSE-SU-2019:0170-1, openSUSE-SU-2019:0189-1, openSUSE-SU-2019:0208-1, openSUSE-SU-2019:0295-1, openSUSE-SU-2019:1079-1, openSUSE-SU-2019:1444-1, openSUSE-SU-2019:1499-1, openSUSE-SU-2019:1506-1, openSUSE-SU-2019:1703-1, SUSE-SU-2018:4297-1, SUSE-SU-2019:0048-1, SUSE-SU-2019:0048-2, SUSE-SU-2019:0286-1, SUSE-SU-2019:0495-1, SUSE-SU-2019:0573-1, SUSE-SU-2019:1234-1, SUSE-SU-2019:1234-2, SUSE-SU-2019:1264-1, VIGILANCE-VUL-28056.


computer vulnerability bulletin CVE-2018-1002101

Kubernetes: code execution via PowerShell Smb Mount

Synthesis of the vulnerability

An attacker can use a vulnerability via PowerShell Smb Mount of Kubernetes, in order to run code.
Impacted products: Kubernetes.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 06/12/2018.
Identifiers: 65750, CVE-2018-1002101, VIGILANCE-VUL-27968.


vulnerability announce CVE-2018-1002105

Kubernetes: code execution via API Server Proxied Requests

Synthesis of the vulnerability

An attacker can use a vulnerability via API Server Proxied Requests of Kubernetes, in order to run code.
Impacted products: Fedora, Kubernetes.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 04/12/2018.
Identifiers: 71411, CVE-2018-1002105, FEDORA-2019-3ecff65275, VIGILANCE-VUL-27942.


computer vulnerability note CVE-2018-18314

Perl Core: buffer overflow via S_regatom

Synthesis of the vulnerability

An attacker can generate a buffer overflow via S_regatom() of Perl Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Kubernetes, Snap Creator Framework, OpenBSD, openSUSE Leap, Solaris, Perl Core, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/11/2018.
Identifiers: bulletinapr2019, CVE-2018-18314, DSA-4347-1, FEDORA-2018-9dbe983805, FEDORA-2018-ca03363d57, NTAP-20190221-0003, openSUSE-SU-2018:4258-1, RHSA-2019:0001-01, RHSA-2019:0010-01, SUSE-SU-2018:4187-1, USN-3834-1, USN-3834-2, VIGILANCE-VUL-27919.
