Kubernetes - HackerOne Reports
Total reports: 75 (Critical: 0, High: 14, Medium: 33, Low: 17)
Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests
Reported by: mr_incompetent | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption
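As an added illustration (not code from the report above or from the Kubernetes project), the following Python script shows the check a practitioner would run over a kubelet /metrics scrape to spot a label-cardinality explosion: it parses Prometheus text exposition, counts the distinct values seen for each label of each metric family, and flags any label whose distinct-value count exceeds a threshold. The scrape text, the metric and label names, and the threshold of 100 are constructed assumptions for the example, not details taken from the report.

```python
import re
from collections import defaultdict

# One sample line: metric_name{label="value",...} value  (timestamps ignored).
# Label values containing a literal '}' are not handled; fine for a triage check.
SERIES_RE = re.compile(r'^([A-Za-z_:][A-Za-z0-9_:]*)(?:\{([^}]*)\})?\s+(\S+)')
LABEL_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:\\.|[^"\\])*)"')


def parse_series(text):
    """Parse Prometheus text exposition into (metric, labels, value) tuples."""
    series = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # skip blanks and HELP/TYPE lines
            continue
        m = SERIES_RE.match(line)
        if not m:
            continue
        name, raw_labels, value = m.groups()
        labels = dict(LABEL_RE.findall(raw_labels or ""))
        series.append((name, labels, float(value)))
    return series


def label_cardinality(text):
    """Map metric -> label -> number of distinct values seen for that label."""
    seen = defaultdict(lambda: defaultdict(set))
    for name, labels, _ in parse_series(text):
        for key, val in labels.items():
            seen[name][key].add(val)
    return {n: {k: len(vs) for k, vs in ls.items()} for n, ls in seen.items()}


def find_high_cardinality(text, threshold=100):
    """Return (metric, label, distinct_values) for every label above threshold,
    highest cardinality first. A label that grows with attacker-controlled
    input (request paths, client names) is the resource-exhaustion signal."""
    hits = []
    for name, labels in label_cardinality(text).items():
        for key, n in labels.items():
            if n > threshold:
                hits.append((name, key, n))
    return sorted(hits, key=lambda h: -h[2])


def build_sample_scrape(junk_series=200):
    """Constructed exposition text (an assumption, not real kubelet output):
    two legitimate request paths plus many unique paths that an
    unauthenticated client could inject to inflate the `path` label."""
    lines = [
        "# HELP kubelet_http_requests_total Number of HTTP requests served.",
        "# TYPE kubelet_http_requests_total counter",
        'kubelet_http_requests_total{method="GET",path="/pods"} 12',
        'kubelet_http_requests_total{method="GET",path="/stats/summary"} 4',
        "kubelet_running_pods 7",
    ]
    for i in range(junk_series):
        lines.append(f'kubelet_http_requests_total{{method="GET",path="/junk-{i}"}} 1')
    return "\n".join(lines) + "\n"


SAMPLE_SCRAPE = build_sample_scrape()

if __name__ == "__main__":
    for metric, label, n in find_high_cardinality(SAMPLE_SCRAPE, threshold=100):
        print(f"{metric}: label {label!r} has {n} distinct values")
```

On a live cluster the same functions would be fed the body of an authenticated scrape of the kubelet's metrics endpoint; the threshold is a tuning knob, and a label such as `method` staying small while `path` grows without bound is the pattern to alert on.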
Grafana Improper authorization
Reported by: lazydog | Disclosed: | Severity: Low | Weakness: Improper Authorization
kubeadm logs tokens before deleting them
Reported by: mlevesquedion | Disclosed: | Severity: Low | Weakness: Insufficiently Protected Credentials
Tokenless GUI Authentication
Reported by: seanland | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic
Git Arg Injection in kubernetes-sigs/release-sdk
Reported by: snoopysecurity | Disclosed: | Severity: Low | Bounty: $100.00
Blind SSRF on velodrome.canary.k8s.io
Reported by: rhynorater | Disclosed: | Severity: Low | Weakness: Server-Side Request Forgery (SSRF)
Kubelet follows symlinks as root in /var/log from the /logs server endpoint
Reported by: danielsagi | Disclosed: | Severity: Medium | Weakness: Privilege Escalation
SHA512 incorrect on most/many releases
Reported by: ronald_petty | Disclosed: | Severity: Medium | Weakness: Cryptographic Issues - Generic
Node Validation Admission does not observe all oldObject fields
Reported by: ariellima | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
API Server DoS (crash?) if many large resources (~1MB each) are concurrently/repeatedly sent to an external Validating WebHook endpoint
Reported by: bradgeesaman | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption
monitoring.prow-canary.k8s.io is vulnerable to CVE-2022-21703 (Grafana 0-day)
Reported by: jub0bs | Disclosed: | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF) | Bounty: $100.00 | CVEs: CVE-2022-21703
Hard-coded username and password in GitHub commit
Reported by: njaysec | Disclosed: | Weakness: Use of Hard-coded Credentials
Bypass validation parts in AWS IAM Authenticator for Kubernetes
Reported by: gaffy | Disclosed: | Severity: High | Weakness: Improper Authentication - Generic | Bounty: $2500.00
csi-snapshot-controller crashes when processing VolumeSnapshot with non-existing PVC
Reported by: piqin | Disclosed: | Severity: Medium | Weakness: NULL Pointer Dereference | Bounty: $500.00
secret leaks in vsphere cloud controller manager log
Reported by: derek0405 | Disclosed: | Severity: Medium | Weakness: Cleartext Storage of Sensitive Information
Page 4 of 4