Skip to content

Instantly share code, notes, and snippets.

@dlorenc

dlorenc/kubernetes snyk

Last active December 19, 2020 14:00
Show Gist options
  • Save dlorenc/da7290112dd7cfeda877fa2f8b43a11d to your computer and use it in GitHub Desktop.
Save dlorenc/da7290112dd7cfeda877fa2f8b43a11d to your computer and use it in GitHub Desktop.
Download ZIP
Raw
kubernetes snyk
✗ Low severity vulnerability found in k8s.io/kubernetes
Description: Denial of Service (DoS)
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESSTAGINGSRCK8SIOCLIENTGOUTILJSONPATH-597671
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.19.0-rc.4
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Man-in-the-Middle (MitM)
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETES-1048855
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Directory Traversal
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETES-50019
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.1.1
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESPKGCREDENTIALPROVIDER-1048993
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.21.0-alpha.0
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Credential Exposure
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESPKGVOLUMEAZUREFILE-1015599
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.18.0
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Credential Exposure
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESPKGVOLUMECEPHFS-1015598
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.18.0
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Server Side Request Forgery (SSRF)
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESPKGVOLUMEGLUSTERFS-575597
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.18.1, 1.17.4, 1.16.9, 1.15.12
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Server Side Request Forgery (SSRF)
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESPKGVOLUMEQUOBYTE-575596
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.18.1, 1.17.4, 1.16.9, 1.15.12
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Improper Output Neutralization for Logs
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESPKGVOLUMERBD-1018858
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.20.0-alpha.2
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESPKGVOLUMERBD-1048859
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.20.0-alpha.2
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Server Side Request Forgery (SSRF)
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESPKGVOLUMESCALEIO-575599
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.18.1, 1.17.4, 1.16.9, 1.15.12
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Improper Output Neutralization for Logs
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESSTAGINGSRCK8SIOCLIENTGOTRANSPORT-1018856
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.20.0-alpha.2
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESSTAGINGSRCK8SIOCLIENTGOTRANSPORT-1048853
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.21.0-alpha.0
✗ High severity vulnerability found in k8s.io/kubernetes
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESPKGAPISERVER-174807
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.2.0-alpha.6
✗ High severity vulnerability found in k8s.io/kubernetes
Description: Symlink Attack
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESPKGKUBECTLCMDCP-174801
Introduced through: k8s.io/[email protected]
From: k8s.io/[email protected]
Fixed in: 1.11.9, 1.12.7, 1.13.5
✗ High severity vulnerability found in github.com/satori/go.uuid
Description: Insecure Randomness
Info: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
Introduced through: k8s.io/legacy-cloud-providers/azure@unknown
From: k8s.io/legacy-cloud-providers/azure@unknown > github.com/Azure/azure-sdk-for-go/storage@unknown > github.com/satori/[email protected]
✗ High severity vulnerability found in github.com/dgrijalva/jwt-go
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
Introduced through: github.com/heketi/heketi/client/api/go-client@unknown, k8s.io/apiserver/pkg/storage/etcd3/testing@unknown
From: github.com/heketi/heketi/client/api/go-client@unknown > github.com/dgrijalva/[email protected]
From: k8s.io/apiserver/pkg/storage/etcd3/testing@unknown > go.etcd.io/etcd/integration@unknown > go.etcd.io/etcd/etcdserver/api/v3rpc@unknown > go.etcd.io/etcd/mvcc@unknown > go.etcd.io/etcd/auth@unknown > github.com/dgrijalva/[email protected]
Fixed in: 4.0.0-preview1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment