| 2 | Kubernetes does not facilitate certificate revocation |[#81111](https://github.com/kubernetes/kubernetes/issues/81111)| duplicate of [#18982](https://github.com/kubernetes/kubernetes/issues/18982) and **needs a KEP**|
43
43
| 3 | HTTPS connections are not authenticated |[#81112](https://github.com/kubernetes/kubernetes/issues/81112)| Largely left as an end user exercise in setting up the right configuration |
44
44
| 4 | <abbrtitle="Time-of-check to time-of-use bug">TOCTOU</abbr> when moving PID to manager's cgroup via kubelet |[#81113](https://github.com/kubernetes/kubernetes/issues/81113)| Requires Node access for successful exploitation. Fix needed |
45
-
| 5 | Improperly patched directory traversal in kubectl cp |[#76788](https://github.com/kubernetes/kubernetes/pull/76788)| closed, assigned [CVE-2019-11249](https://github.com/advisories/GHSA-v8c4-hw4j-x4pr), fixed in [#80436](https://github.com/kubernetes/kubernetes/pull/80436)|
45
+
| 5 | Improperly patched directory traversal in `kubectl cp`|[#76788](https://github.com/kubernetes/kubernetes/pull/76788)| closed, assigned [CVE-2019-11249](https://github.com/advisories/GHSA-v8c4-hw4j-x4pr), fixed in [#80436](https://github.com/kubernetes/kubernetes/pull/80436)|
46
46
| 6 | Bearer tokens are revealed in logs |[#81114](https://github.com/kubernetes/kubernetes/issues/81114)| closed, assigned [CVE-2019-11250](https://github.com/advisories/GHSA-jmrx-5g74-6v2f), fixed in [#81330](https://github.com/kubernetes/kubernetes/pull/81330)|
47
47
| 7 | Seccomp is disabled by default |[#81115](https://github.com/kubernetes/kubernetes/issues/81115)| closed, addressed by [#101943](https://github.com/kubernetes/kubernetes/pull/101943)|
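Review bot: Row 5 now code-formats the command name in "Improperly patched directory traversal in `kubectl cp`", but the unchanged row 4 directly above still writes "kubelet" as plain text in the same column. Either apply code formatting to component and command names throughout this table, or say in the commit message that only CLI invocations are being formatted, so the table does not end up with mixed styles.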
| Kubernetes does not facilitate certificate revocation |[#81111](https://github.com/kubernetes/kubernetes/issues/81111)| High | High | Medium |
123
123
| Use of InsecureSkipVerify and other TLS weaknesses |[#81119](https://github.com/kubernetes/kubernetes/issues/81119)| High | High | Medium |
124
-
|Kubectl can cause a local Out Of Memory error with a malicious Pod specification |[#81123](https://github.com/kubernetes/kubernetes/issues/81123)| Medium | Medium | Medium |
124
+
|`kubectl` can cause a local Out Of Memory error with a malicious Pod specification |[#81123](https://github.com/kubernetes/kubernetes/issues/81123)| Medium | Medium | Medium |
125
125
| Improper fetching of PIDs allows incorrect cgroup movement |[#81124](https://github.com/kubernetes/kubernetes/issues/81124)| Medium | Medium | Medium |
126
126
| kubelet liveness probes can be used to enumerate host network |[#81129](https://github.com/kubernetes/kubernetes/issues/81129)| High | High | Medium |
127
127
| API Server supports insecure TLS ciphersuites |[#81145](https://github.com/kubernetes/kubernetes/issues/81145)| Medium | Medium | Low |
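Review bot: The added row starts with "|`kubectl` can cause" with no space after the leading pipe, carried over from the removed "|Kubectl can cause" line, while every neighbouring row starts with "| ". Since this line is being touched anyway, add the space so the row matches the rest of the table. The same consistency question applies to "kubelet liveness probes" two rows down, which stays unformatted.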