Search for packages
| purl | pkg:rpm/redhat/rubygem-fluent-plugin-kubernetes_metadata_filter@1.0.3-1?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-dpht-br2m-zqfs
Aliases: CVE-2018-1002100 GHSA-2jq6-ffph-p4h8 |
Kubernetes arbitrary file overwrite In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | There are no reported fixed by versions. |
|
VCID-u9ph-5sbd-mfgp
Aliases: CVE-2018-1000169 GHSA-cpw3-x7gf-p872 |
Information Exposure Jenkins allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. | There are no reported fixed by versions. |
|
VCID-vmqe-m9cy-p7gp
Aliases: CVE-2018-1000400 |
cri-o: capabilities are not dropped when switching to a non-root user | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:25:46.068722+00:00 | RedHat Importer | Affected by | VCID-dpht-br2m-zqfs | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1002100.json | 38.0.0 |
| 2026-04-01T14:25:30.415830+00:00 | RedHat Importer | Affected by | VCID-u9ph-5sbd-mfgp | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000169.json | 38.0.0 |
| 2026-04-01T14:25:07.325598+00:00 | RedHat Importer | Affected by | VCID-vmqe-m9cy-p7gp | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000400.json | 38.0.0 |