CVE Database

Be on top of your Kubernetes security with the most comprehensive Kubernetes related CVE database

XZ vulnerability
CVE-2024-3094

March 29, 2024 - Red Hat disclosed CVE-2024-3094 (a.k.a XZ vulnerability) scoring a critical CVSS rating of 10. Stemming from a supply chain compromise it affects the latest iterations of XZ tools and libraries. The CVE was identified by a software engineer following the discovery of...

Find out more
10

3 new NGINX ingress controller vulnerabilities
CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886

Oct 27, 2023 - Three security issues were reported by the Kubernetes security community, all of them related to the popular NGINX ingress component. CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by attacker to steal secret credentials from the cluster.

Find out more
8.8

Kubelet vulnerabilities on Windows nodes
CVE-2023-3676, CVE-2023-3955 and CVE-2023-3893

Aug 23, 2023 - The Kubernetes Security Response Committee disclosed three interrelated vulnerabilities affecting the Windows versions of Kubelet and the Kubernetes CSI proxy. These vulnerabilities pose a significant risk, allowing even users with limited permissions to escalate...

Find out more
8.8

Kyverno’s container image signature verification can be bypassed
CVE-2022-47633

Dec 21, 2022 - The vulnerability enables an attacker who is either running a malicious container image registry or is able to act as a proxy between the registry and Kyverno, to inject unsigned images into the protected cluster, bypassing the image verification policy. 

Find out more
8.1

Unauthorized access to arbitrary endpoints in Grafana codebase
CVE-2022-39328

Nov 11, 2022 - Grafana Labs published a security advisory for a new critical vulnerability in its open-source product. The vulnerability, marked as CVE-2022-39328, enables attackers to bypass authorization on arbitrary service endpoints.

Find out more
8.1

kube-apiserver vulnerability
CVE-2022-3172 

Sep 19, 2022 - A new vulnerability was reported on Sep 16th in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. As a result, the client may perform unexpected actions and share the API server credentials with third parties.

Find out more
8.2
Close
slack_logos

Continue to Slack

Get the information you need directly from our experts!

new-messageContinue as a guest