Kubernetes Official CVE Feed

Ingress nginx annotation injection causes arbitrary command execution

ingress-nginx path sanitization can be bypassed

Insufficient input sanitization on Windows nodes leads to privilege escalation

Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation

Insufficient input sanitization on Windows nodes leads to privilege escalation

Bypass of seccomp profile enforcement

Bypassing policies imposed by the ImagePolicyWebhook and bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

Bypassing policies imposed by the ImagePolicyWebhook and bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

secrets-store-csi-driver discloses service account tokens in logs

Node address isn't always verified when proxying

Unauthorized read of Custom Resources

Aggregated API server can cause clients to be redirected (SSRF)

`runAsNonRoot` logic bypass for Windows containers

Ingress-nginx `path` sanitization can be bypassed with newline character

Ingress-nginx directive injection via annotations

Ingress-nginx `path` can be pointed to service account token file

Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

Symlink Exchange Can Allow Host Filesystem Access

Holes in EndpointSlice Validation Enable Host Network Hijack

Processes may panic upon receipt of malicious protobuf messages