Kubernetes Official CVE Feed

VM images built with Image Builder with some providers use default credentials during builds

VM images built with Image Builder and Proxmox provider use default credentials

Ingress-nginx Annotation Validation Bypass

Network restriction bypass via race condition during namespace termination

Incorrect permissions on Windows containers logs

azure-file-csi-driver discloses service account tokens in logs

Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

Ingress nginx annotation injection causes arbitrary command execution

ingress-nginx path sanitization can be bypassed

Insufficient input sanitization on Windows nodes leads to privilege escalation

Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation

Insufficient input sanitization on Windows nodes leads to privilege escalation

Bypass of seccomp profile enforcement

Bypassing policies imposed by the ImagePolicyWebhook and bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

Bypassing policies imposed by the ImagePolicyWebhook and bypassing mountable secrets policy imposed by the ServiceAccount admission plugin

secrets-store-csi-driver discloses service account tokens in logs

Node address isn't always verified when proxying

Unauthorized read of Custom Resources