Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

Kubernetes - HackerOne Reports

View on HackerOne

75

Total Reports

0

Critical

14

High

33

Medium

17

Low

RCE on ingress-nginx-controller via Ingress spec.rules.http.paths.path field

Reported by: ginoah | Disclosed:

High

Weakness: Code Injection

Bounty: $2500.00

Broken link hijacking in https://kubernetes-csi.github.io/docs/drivers.html?highlight=chubaofs#production-drivers

Reported by: 0xlegendkiller | Disclosed:

Low

Weakness: Insecure Temporary File

Bounty: $100.00

File Read Vulnerability allows Attackers to Compromise S3 buckets using Prow

Reported by: stealthy | Disclosed:

Medium

Weakness: Improper Access Control - Generic

Bounty: $250.00

Internal IP addresses range and AWS cluster region leaked in a Github repository

Reported by: njaysec | Disclosed:

Weakness: Insecure Storage of Sensitive Information

Compromise of node can lead to compromise of pods on other nodes

Reported by: wtm | Disclosed:

Medium

Bypass apiserver proxy filter

Reported by: javierprovecho | Disclosed:

Medium

Weakness: Time-of-check Time-of-use (TOCTOU) Race Condition

Man in the middle using LoadBalancer or ExternalIPs services

Reported by: champtar | Disclosed:

Medium

Weakness: Man-in-the-Middle

Fake email from <any_name>@kubernetes.io to any other email

Reported by: lamscun | Disclosed:

CVE-2019-11250 remains in effect.

Reported by: purelyapplied | Disclosed:

Medium

Weakness: Cleartext Storage of Sensitive Information

CVEs: CVE-2019-11250

Node disk DOS by writing to container /etc/hosts

Reported by: kebe | Disclosed:

Medium

Weakness: Uncontrolled Resource Consumption

Bounty: $1000.00

Private RSA key and Server key exposed on the GitHub repository

Reported by: njaysec | Disclosed:

Medium

Weakness: Cleartext Storage of Sensitive Information

DoS for client-go jsonpath func

Reported by: lazydog | Disclosed:

Low

Weakness: Uncontrolled Resource Consumption

Broken Github Link Used in deployment docs of "github.com/kubernetes/kompose"

Reported by: codermak | Disclosed:

Medium

Weakness: Improper Access Control - Generic

Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS

Reported by: codermak | Disclosed:

Medium

Weakness: Improper Access Control - Generic

Broken Link Takeover from kubernetes.io docs

Reported by: codermak | Disclosed:

Low

Weakness: Improper Access Control - Generic

There is any issue No valid SPF Records

Reported by: blackviper21 | Disclosed:

Weakness: Improper Authentication - Generic

Attacker can bypass authentication build on ingress external auth (`nginx.ingress.kubernetes.io/auth-url`)

Reported by: thisbug | Disclosed:

Medium

Weakness: Improper Authentication - Generic

Privilege Escalation in kOps using GCE/GCP Provider

Reported by: jpts | Disclosed:

High

Weakness: Privilege Escalation

Bounty: $2500.00

DoS for GCSArtifact.RealAll

Reported by: lazydog | Disclosed:

Medium

Weakness: Uncontrolled Resource Consumption

Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service.

Reported by: reeverzax | Disclosed:

High

Weakness: Server-Side Request Forgery (SSRF)

Bounty: $5000.00

Previous Page 3 of 4 Next