Package details: pkg:deb/debian/kubernetes@1.17.4-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.17.4-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (12)
Vulnerability Summary Aliases
VCID-35gz-1zjh-2qan Kubernetes DoS Vulnerability In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server. CVE-2019-1002100
GHSA-q4rr-64r9-fwgf
VCID-3m8h-88sb-f7hk Privilege Escalation in Kubernetes In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. CVE-2018-1002105
GHSA-579h-mv94-g4gp
VCID-68f5-9mbb-syf5 kubernetes: Incorrect rule injection in CNI portmap plugin CVE-2019-9946
VCID-9498-37sr-xyet kubernetes: /debug/pprof endpoint exposed on kubelet's healthz port CVE-2019-11248
VCID-9s34-1nd8-f7ee XML Entity Expansion and Improper Input Validation in Kubernetes API server Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. Specific Go packages affected: k8s.io/kubernetes/pkg/apiserver. CVE-2019-11253
GHSA-pmqp-h87c-mr78
VCID-dpht-br2m-zqfs Kubernetes arbitrary file overwrite In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. CVE-2018-1002100
GHSA-2jq6-ffph-p4h8
VCID-dxhw-y156-2kfz Kubernetes API Server DoS Via API Requests The Kubernetes API server component in Kubernetes versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. CVE-2020-8552
GHSA-82hx-w2r5-c2wq
VCID-fbzn-vujj-pud5 Excessive Platform Resource Consumption within a Loop in Kubernetes The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. CVE-2019-11254
GHSA-wxc4-f4m6-wwqv
VCID-ptve-3k7k-cqcm Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. CVE-2020-8551
GHSA-qhm4-jxv7-j9pq
VCID-rwt5-ctc9-tba1 Kubernetes client-go library logs may disclose credentials to unauthorized users The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. CVE-2019-11250
GHSA-jmrx-5g74-6v2f
VCID-x5e9-nj8f-aye9 kubernetes: improper validation of URL redirection in the Kubernetes API server allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints CVE-2018-1002102
VCID-zb2s-uwse-zfdf Kubernetes kube-apiserver unauthorized access The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view, update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. CVE-2019-11247
GHSA-fp37-c92q-4pwq

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:16:23.359055+00:00 Debian Importer Fixing VCID-ptve-3k7k-cqcm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T13:10:24.944671+00:00 Debian Importer Fixing VCID-68f5-9mbb-syf5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:22:21.448303+00:00 Debian Importer Fixing VCID-35gz-1zjh-2qan https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:49:15.336248+00:00 Debian Importer Fixing VCID-fbzn-vujj-pud5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:37:33.218007+00:00 Debian Importer Fixing VCID-9498-37sr-xyet https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:33:55.028844+00:00 Debian Importer Fixing VCID-3m8h-88sb-f7hk https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:33:27.670792+00:00 Debian Importer Fixing VCID-9s34-1nd8-f7ee https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:57:36.431453+00:00 Debian Importer Fixing VCID-dxhw-y156-2kfz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:34:11.573804+00:00 Debian Importer Fixing VCID-dpht-br2m-zqfs https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:17:07.016963+00:00 Debian Importer Fixing VCID-x5e9-nj8f-aye9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:36:05.924314+00:00 Debian Importer Fixing VCID-zb2s-uwse-zfdf https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:13:04.616717+00:00 Debian Importer Fixing VCID-rwt5-ctc9-tba1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:08:26.272083+00:00 Debian Importer Fixing VCID-ptve-3k7k-cqcm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T09:03:48.998605+00:00 Debian Importer Fixing VCID-68f5-9mbb-syf5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:27:53.846755+00:00 Debian Importer Fixing VCID-35gz-1zjh-2qan https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:03:56.503918+00:00 Debian Importer Fixing VCID-fbzn-vujj-pud5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:55:25.061318+00:00 Debian Importer Fixing VCID-9498-37sr-xyet https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:53:03.136419+00:00 Debian Importer Fixing VCID-3m8h-88sb-f7hk https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:52:44.334788+00:00 Debian Importer Fixing VCID-9s34-1nd8-f7ee https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:26:01.661741+00:00 Debian Importer Fixing VCID-dxhw-y156-2kfz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:08:21.610562+00:00 Debian Importer Fixing VCID-dpht-br2m-zqfs https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:55:12.743642+00:00 Debian Importer Fixing VCID-x5e9-nj8f-aye9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:23:36.271174+00:00 Debian Importer Fixing VCID-zb2s-uwse-zfdf https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:10:00.659961+00:00 Debian Importer Fixing VCID-rwt5-ctc9-tba1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:28:15.170081+00:00 Debian Importer Fixing VCID-dxhw-y156-2kfz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:15.129172+00:00 Debian Importer Fixing VCID-ptve-3k7k-cqcm https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:15.088711+00:00 Debian Importer Fixing VCID-68f5-9mbb-syf5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:15.048133+00:00 Debian Importer Fixing VCID-fbzn-vujj-pud5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:15.007397+00:00 Debian Importer Fixing VCID-9s34-1nd8-f7ee https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:14.877655+00:00 Debian Importer Fixing VCID-rwt5-ctc9-tba1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:14.783757+00:00 Debian Importer Fixing VCID-9498-37sr-xyet https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:14.734809+00:00 Debian Importer Fixing VCID-zb2s-uwse-zfdf https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:14.478718+00:00 Debian Importer Fixing VCID-35gz-1zjh-2qan https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:14.428715+00:00 Debian Importer Fixing VCID-3m8h-88sb-f7hk https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:14.383148+00:00 Debian Importer Fixing VCID-x5e9-nj8f-aye9 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:28:14.297564+00:00 Debian Importer Fixing VCID-dpht-br2m-zqfs https://security-tracker.debian.org/tracker/data/json 38.1.0