Kubernetes - HackerOne Reports
Total reports: 75 (Critical: 0, High: 14, Medium: 33, Low: 17)
GitHub test clientID and clientSecret leaked
Reported by: rira12621 | Disclosed: | Severity: Low
Weakness: Plaintext Storage of a Password
Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
Reported by: amlweems | Disclosed: | Severity: High
Weakness: Code Injection
CVE: CVE-2021-25742
Private IP addresses Disclosure
Reported by: iwiwwooqo | Disclosed:
Weakness: Information Disclosure
Unsecured Grafana instance on https://monitoring.prow-canary.k8s.io/dashboards
Reported by: zevfw5pp | Disclosed: | Severity: High
Weakness: Improper Authentication - Generic
Ingress nginx annotation injection causes arbitrary command execution
Reported by: suanve | Disclosed: | Severity: High
Weakness: Code Injection
Bounty: $2500.00
SSRF for kube-apiserver cloudprovider scene
Reported by: lazydog | Disclosed: | Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
Reported by: tomerpeled92 | Disclosed: | Severity: High
Weakness: Code Injection
Bounty: $5000.00
CVE: CVE-2023-5528
Plaintext storage of a password on kubernetes release bucket
Reported by: riramar | Disclosed:
Weakness: Plaintext Storage of a Password
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Reported by: jkroepke | Disclosed: | Severity: High
Weakness: Code Injection
Bounty: $2500.00
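Three of the reports listed above (CVE-2021-25742, the arbitrary command execution report, and the permanent-redirect report) are the same class of bug: an annotation on a tenant-created Ingress whose value is copied into the generated nginx.conf, letting whoever can create Ingress objects in one namespace run configuration (and, through it, code) with the controller's serviceaccount. The following audit script is an added example, not code from this page or from the ingress-nginx project. It walks the JSON shape of `kubectl get ingress -A -o json` (the sample document is constructed here), flags snippet annotations outright, flags directive-breakout characters in annotations whose value is templated into a directive, and reports blocklisted words; the word list is this example's own, modelled on the controller's `annotation-value-word-blocklist` setting, and the `hardened_controller_configmap` function returns the two controller ConfigMap keys that close off both paths.

```python
"""Audit Ingress objects for ingress-nginx annotation injection exposure.

Added example; not code from the reports above or from ingress-nginx.
Input: the JSON document produced by `kubectl get ingress -A -o json`.
"""
import json
import re

PREFIX = "nginx.ingress.kubernetes.io/"

# Annotations whose value is pasted verbatim into nginx.conf. Any of these
# on a tenant Ingress is a finding on its own.
SNIPPET_ANNOTATIONS = {
    PREFIX + "server-snippet",
    PREFIX + "configuration-snippet",
    PREFIX + "auth-snippet",
    PREFIX + "stream-snippet",
    PREFIX + "modsecurity-snippet",
}

# Annotations whose value lands inside a generated directive; a newline,
# ';' or brace in the value can terminate that directive and start another.
TEMPLATED_ANNOTATIONS = {
    PREFIX + "permanent-redirect",
    PREFIX + "temporal-redirect",
    PREFIX + "app-root",
    PREFIX + "rewrite-target",
}
BREAKOUT_CHARS = re.compile(r"[\n\r;{}]")

# Assumed word list (this example's own), modelled on the controller's
# annotation-value-word-blocklist setting. Tune it to your deployment.
WORD_BLOCKLIST = (
    "load_module", "lua_package", "_by_lua", "location",
    "root", "proxy_pass", "serviceaccount", "alias",
)


def audit_ingress(ingress: dict) -> list:
    """Return (severity, namespace/name, annotation, reason) tuples."""
    meta = ingress.get("metadata", {})
    where = f"{meta.get('namespace', '')}/{meta.get('name', '')}"
    findings = []
    for key, value in (meta.get("annotations") or {}).items():
        if not key.startswith(PREFIX):
            continue
        value = str(value)
        if key in SNIPPET_ANNOTATIONS:
            findings.append(("high", where, key, "raw nginx.conf snippet"))
        if key in TEMPLATED_ANNOTATIONS and BREAKOUT_CHARS.search(value):
            findings.append(("high", where, key, "directive breakout characters"))
        hits = [w for w in WORD_BLOCKLIST if w in value.lower()]
        if hits:
            findings.append(("medium", where, key, "blocklisted words: " + ",".join(hits)))
    return findings


def audit_list(doc: str) -> list:
    """Audit every item of a `kubectl get ingress -A -o json` document."""
    return [f for item in json.loads(doc).get("items", []) for f in audit_ingress(item)]


def hardened_controller_configmap() -> dict:
    """Controller ConfigMap keys that disable snippets and enforce the blocklist."""
    return {
        "apiVersion": "v1",
        "kind": "ConfigMap",
        "metadata": {"name": "ingress-nginx-controller", "namespace": "ingress-nginx"},
        "data": {
            "allow-snippet-annotations": "false",
            "annotation-value-word-blocklist": ",".join(WORD_BLOCKLIST),
        },
    }


# Constructed sample: one benign Ingress, one redirect value that breaks out
# of its directive, one raw snippet. Not real cluster data.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "shop", "name": "web",
                  "annotations": {PREFIX + "rewrite-target": "/"}}},
    {"metadata": {"namespace": "tenant-a", "name": "promo",
                  "annotations": {PREFIX + "permanent-redirect":
                                  "https://example.org/;\nlocation /x { root /; }"}}},
    {"metadata": {"namespace": "tenant-b", "name": "api",
                  "annotations": {PREFIX + "server-snippet":
                                  "add_header X-Frame-Options DENY;"}}},
]})

if __name__ == "__main__":
    for finding in audit_list(SAMPLE):
        print(*finding)
```

Run it against live output with `kubectl get ingress -A -o json | python3 audit.py` after swapping `SAMPLE` for `sys.stdin.read()`; the ConfigMap keys it returns are the fix, the findings only tell you who is currently in a position to use the hole.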
csi-snapshot-controller crashes when processing VolumeSnapshot with non-existing PVC
Reported by: jsafrane | Disclosed: | Severity: Medium
Weakness: NULL Pointer Dereference
Route53 Subdomain Takeover on test-cncf-aws.canary.k8s.io
Reported by: rhynorater | Disclosed: | Severity: High
Weakness: Misconfiguration
Code Injection via Insecure Yaml.load
Reported by: r44mb00 | Disclosed: | Severity: Low
Weakness: Code Injection
Bounty: $250.00
Username enumeration via OpenSSH 7.6
Reported by: dre4dpir4terob3rts | Disclosed: | Severity: Medium
Compromise of auth via subset/superset namespace names.
Reported by: alex_orange | Disclosed: | Severity: Medium
Weakness: Authentication Bypass Using an Alternate Path or Channel
Configuration [Sensitive] Information Disclosure
Reported by: barsainya | Disclosed:
Weakness: Information Disclosure
Ingress-nginx path allows retrieval of ingress-nginx serviceaccount token
Reported by: gaffy | Disclosed: | Severity: High
Weakness: Privilege Escalation
Bounty: $2500.00
SSRF vulnerability can be exploited when a hijacked aggregated api server such as metrics-server returns 30X
Reported by: weinongw | Disclosed: | Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $1000.00
Development Application Credentials + Information Exposed
Reported by: lmhu | Disclosed: | Severity: High
Weakness: Cleartext Storage of Sensitive Information
XSS on kubernetes-csi.github.io (mdBook)
Reported by: vavkamil | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
CVE: CVE-2020-26297
The `io.kubernetes.client.util.generic.dynamic.Dynamics` contains a code execution vulnerability due to SnakeYAML
Reported by: jlleitschuh | Disclosed: | Severity: Medium
Weakness: Code Injection
Bounty: $1000.00
CVE: CVE-2022-1471
Page 1 of 4