Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2023-10-10 17:37:33 |
GCP-2023-030 (direct link) |
Published: 2023-10-10 Description: |
Vulnerability
|
Uber
|
|
|
2023-09-06 17:35:09 |
GCP-2023-026 (direct link) |
Published: 2023-09-06
Description: Three vulnerabilities (CVE-2023-3676, CVE-2023-3955, CVE-2023-3893) have been discovered in Kubernetes where a user who can create Pods on Windows nodes may be able to escalate to admin privileges on those nodes. These vulnerabilities affect the Windows versions of the kubelet and the Kubernetes CSI proxy. For instructions and more details, see the following bulletins: GKE security bulletin
Anthos clusters on VMware security bulletin
Anthos clusters on AWS security bulletin
Anthos on Azure security bulletin
Anthos on bare metal security bulletin
Severity: High
Notes: CVE-2023-3676, CVE-2023-3955, CVE-2023-3893
|
Vulnerability
|
Uber
|
★★
|
|
2023-06-27 14:55:00 |
(Déjà vu) GCP-2023-018 (direct link) |
Published: 2023-06-27 Description: |
Vulnerability
|
Uber
|
★★
|
|
2023-06-26 18:49:48 |
GCP-2023-017 (direct link) |
Published: 2023-06-26 Description: |
Vulnerability
|
Uber
|
★★
|
|
2023-06-15 19:06:42 |
GCP-2023-014 (direct link) |
Published: 2023-06-15 Description: |
|
Uber
|
★★
|
|
2022-12-21 17:12:56 |
GCP-2022-013 (direct link) |
Published: 2022-04-11 Updated: 2022-04-22
Description: A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially crafted image configuration could gain full read access to arbitrary files and directories on the host. This vulnerability may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy). For instructions and more details, see the following security bulletins: GKE security bulletin
Anthos clusters on VMware security bulletin
Anthos clusters on AWS security bulletin
Anthos on Azure security bulletin
Anthos on bare metal security bulletin
Severity: Medium
Notes: CVE-2022-23648
|
Vulnerability
|
Uber
|
★★★
|
|
2022-12-21 17:12:56 |
(Déjà vu) GCP-2022-021 (direct link) |
Published: 2022-10-27 Updated: 2022-12-15
Description: 2022-12-15 Update: Updated information that version 1.21.14-gke.9400 of Google Kubernetes Engine is pending rollout and may be superseded by a higher version number.
2022-11-22 Update: Added patch versions for Anthos clusters on VMware, Anthos clusters on AWS, and Anthos on Azure.
A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve a full container breakout to root on the node. For instructions and more details, see the following bulletins: GKE security bulletin
Anthos clusters on VMware security bulletin
Anthos clusters on AWS security bulletin
Anthos on Azure security bulletin
Anthos on bare metal security bulletin
Severity: High
Notes: CVE-2022-3176
|
Guideline
Vulnerability
|
Uber
|
★★★
|
|
2022-12-21 17:12:56 |
GCP-2022-011 (direct link) |
Published: 2022-03-22 Updated: 2022-08-11
Description: Update 2022-08-11: Added more information about the Simultaneous Multi-Threading (SMT) configuration. SMT was intended to be disabled but was enabled on the versions listed. If you manually enabled SMT for a sandboxed node pool, SMT remains manually enabled despite this issue.
There is a misconfiguration of Simultaneous Multi-Threading (SMT), also known as Hyper-Threading, on GKE Sandbox images. The misconfiguration leaves nodes potentially exposed to side-channel attacks such as Microarchitectural Data Sampling (MDS) (for more context, see the GKE Sandbox documentation). We do not recommend using the following affected versions: 1.22.4-gke.1501
1.22.6-gke.300
1.23.2-gke.300
1.23.3-gke.600
For instructions and more details, see the GKE security bulletin.
Severity: Medium
|
|
Uber
|
★★★
|
|
2022-12-21 17:12:56 |
(Déjà vu) GCP-2022-012 (direct link) |
Published: 2022-04-07 Updated: 2022-11-22
Description: 2022-11-22 Update: For GKE clusters in both modes, Standard and Autopilot, workloads using GKE Sandbox are unaffected.
A security vulnerability, CVE-2022-0847, has been discovered in Linux kernel version 5.8 and later that can potentially escalate container privileges to root. This vulnerability affects the following products: GKE node pool versions 1.22 and later that use Container-Optimized OS images (Container-Optimized OS 93 and later)
Anthos clusters on VMware v1.10 for Container-Optimized OS images
Anthos clusters on AWS v1.21 and Anthos clusters on AWS (previous generation) v1.19, v1.20, v1.21, which use Ubuntu
Managed clusters of Anthos on Azure v1.21, which use Ubuntu
For instructions and more details, see the following security bulletins: GKE security bulletin
Anthos clusters on VMware security bulletin
Anthos clusters on AWS security bulletin
Anthos on Azure security bulletin
Anthos on bare metal security bulletin
Severity: High
Notes: CVE-2022-0847
|
Vulnerability
|
Uber
|
★★★
|
|
2022-12-21 17:12:56 |
(Déjà vu) GCP-2022-017 (direct link) |
Published: 2022-06-29 Updated: 2022-11-22
Description: 2022-11-22 Update: Workloads using GKE Sandbox are not affected by these vulnerabilities.
2022-07-21 Update: Additional information on Anthos clusters on VMware.
A new vulnerability (CVE-2022-1786) has been discovered in Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected. GKE Ubuntu versions use either version 5.4 or 5.15 of the kernel and are not affected. For instructions and more details, see the following bulletins: GKE security bulletin
Anthos clusters on VMware security bulletin
Anthos clusters on AWS security bulletin
Anthos on Azure security bulletin
Anthos on bare metal security bulletin
Severity: High
Notes: CVE-2022-1786
|
Vulnerability
|
Uber
|
★★★
|
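A node-inventory triage, added here as an example and not part of the bulletin page or of Google's own tooling: it reads the JSON that `kubectl get nodes -o json` prints and flags nodes that fall inside the affected ranges stated in GCP-2022-011 (the listed GKE Sandbox versions), GCP-2022-012 (kernel 5.8 and later on Container-Optimized OS, GKE 1.22 and later) and GCP-2022-017 (kernel 5.10 or 5.11 on Container-Optimized OS) above. The node label `sandbox.gke.io/runtime` used to recognise Sandbox node pools and the sample inventory are assumptions; the patched versions are not on this page, so a hit means "compare against the linked bulletin", not "confirmed vulnerable".

```python
"""
Triage GKE nodes against the affected ranges stated in GCP-2022-011,
GCP-2022-012 and GCP-2022-017. Example code, not Google's. Input is the
document `kubectl get nodes -o json` prints; the inventory below is constructed.
"""
import json
import re

# GKE Sandbox image versions GCP-2022-011 lists as shipping with SMT enabled.
SMT_MISCONFIG_VERSIONS = {
    "1.22.4-gke.1501", "1.22.6-gke.300", "1.23.2-gke.300", "1.23.3-gke.600",
}
# Label assumed to mark GKE Sandbox (gVisor) node pools; verify on your cluster.
SANDBOX_LABEL = "sandbox.gke.io/runtime"


def parse_kernel(kernel_version):
    """'5.10.90+' -> (5, 10); None when no major.minor is present."""
    m = re.match(r"(\d+)\.(\d+)", kernel_version)
    return (int(m.group(1)), int(m.group(2))) if m else None


def parse_gke_version(kubelet_version):
    """'v1.22.8-gke.200' -> ('1.22.8-gke.200', (1, 22))."""
    full = kubelet_version.lstrip("v")
    m = re.match(r"(\d+)\.(\d+)", full)
    return full, ((int(m.group(1)), int(m.group(2))) if m else None)


def is_cos(node_info):
    """Container-Optimized OS names itself in nodeInfo.osImage."""
    return "Container-Optimized OS" in node_info.get("osImage", "")


def triage_node(node):
    """Return the bulletin IDs whose stated affected range this node falls in."""
    info = node["status"]["nodeInfo"]
    labels = node["metadata"].get("labels", {})
    kernel = parse_kernel(info.get("kernelVersion", ""))
    gke_full, gke_minor = parse_gke_version(info.get("kubeletVersion", ""))
    hits = []

    # GCP-2022-011: SMT left enabled on the listed GKE Sandbox image versions.
    if SANDBOX_LABEL in labels and gke_full in SMT_MISCONFIG_VERSIONS:
        hits.append("GCP-2022-011")

    # GCP-2022-012 (CVE-2022-0847): kernel 5.8+, GKE 1.22+ node pools on COS.
    # nodeInfo carries no COS milestone, so kernel >= 5.8 stands in for COS 93+.
    if is_cos(info) and kernel and kernel >= (5, 8) and gke_minor and gke_minor >= (1, 22):
        hits.append("GCP-2022-012")

    # GCP-2022-017 (CVE-2022-1786): kernel 5.10 or 5.11, COS only
    # (the bulletin says GKE Ubuntu ships 5.4 or 5.15 and is not affected).
    if is_cos(info) and kernel in {(5, 10), (5, 11)}:
        hits.append("GCP-2022-017")

    return hits


def triage_cluster(node_list):
    """Map node name -> bulletin hits for a parsed NodeList document."""
    return {n["metadata"]["name"]: triage_node(n) for n in node_list["items"]}


def triage_kubectl_json(text):
    """Entry point for raw `kubectl get nodes -o json` output."""
    return triage_cluster(json.loads(text))


def make_node(name, kubelet, kernel, os_image, labels=None):
    """Build a minimal Node object in the shape kubectl prints (constructed data)."""
    return {
        "metadata": {"name": name, "labels": labels or {}},
        "status": {"nodeInfo": {"kubeletVersion": kubelet,
                                "kernelVersion": kernel, "osImage": os_image}},
    }


# Constructed sample inventory, not captured from a real cluster.
SAMPLE_NODES = {
    "kind": "NodeList",
    "items": [
        make_node("gke-prod-cos-1", "v1.22.8-gke.200", "5.10.90+",
                  "Container-Optimized OS from Google"),
        make_node("gke-prod-ubuntu-1", "v1.22.8-gke.200", "5.15.0-1004-gke",
                  "Ubuntu 20.04.4 LTS"),
        make_node("gke-sandbox-1", "v1.23.3-gke.600", "5.10.90+",
                  "Container-Optimized OS from Google", {SANDBOX_LABEL: "gvisor"}),
        make_node("gke-legacy-1", "v1.21.14-gke.2100", "5.4.170+",
                  "Container-Optimized OS from Google"),
    ],
}

if __name__ == "__main__":
    for name, hits in triage_cluster(SAMPLE_NODES).items():
        print(f"{name}: {', '.join(hits) or 'no bulletin match'}")
```

Pipe real output in with `kubectl get nodes -o json | python3 triage.py` after swapping the sample for `triage_kubectl_json(sys.stdin.read())`. The checks are deliberately node-level and conservative: the sandbox node is reported for GCP-2022-012 and GCP-2022-017 even though both bulletins say workloads running under GKE Sandbox are unaffected, because the host kernel on that node is still in range and the operator, not the script, decides what runs outside the sandbox there.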
|
2022-12-21 17:12:56 |
GCP-2022-014 (direct link) |
Published: 2022-04-26 Updated: 2022-11-22
Description: 2022-11-22 Update: GKE Autopilot clusters and workloads running in GKE Sandbox are unaffected.
2022-05-12 Update: The Anthos clusters on AWS and Anthos on Azure versions have been updated. For instructions and more details, see the: Anthos clusters on AWS security bulletin
Anthos on bare metal security bulletin
Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666, have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu). For instructions and more details, see the following security bulletins: GKE security bulletin
Anthos clusters on VMware security bulletin
Anthos clusters on AWS security bulletin
Anthos on Azure security bulletin
Anthos on bare metal security bulletin
Severity: High
Notes: CVE-2022-1055, CVE-2022-27666
|
Guideline
|
Uber
|
★★★
|
|
2022-12-21 17:12:56 |
GCP-2022-002 (direct link) |
Published: Updated:
Description: 2022-02-25 Update: The GKE versions have been updated. For instructions and more details, see the GKE security bulletin.
2022-02-23 Update: The GKE and Anthos clusters on VMware versions have been updated. For instructions and more details, see the: GKE security bulletin
Anthos clusters on VMware security bulletin
2022-02-04 Update: The rollout start date for GKE patch versions was February 2. Note: Your clusters might not have these versions available immediately. Rollouts began on February 2 and take four or more business days to complete across all Google Cloud zones.
Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185, have been discovered in the Linux kernel, each of which can lead to a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all node operating systems (COS and Ubuntu) on GKE, Anthos clusters on VMware, Anthos clusters on AWS (current and previous generation), and Anthos on Azure. Pods using GKE Sandbox are not vulnerable to these vulnerabilities. See the COS release notes for more details. For instructions and more details, see the: GKE security bulletin
Anthos clusters on VMware security bulletin
Severity: High
Notes: CVE-2021-4154, CVE-2021-22600, CVE-2022-0185
|
Guideline
|
Uber
|
★★★
|
|
2022-12-21 17:12:56 |
GCP-2021-021 (direct link) |
Published:
Description: A security vulnerability, CVE-2020-8561, has been discovered in Kubernetes where certain webhooks can be made to redirect kube-apiserver requests to private networks of that API server. For instructions and more details, see the: GKE security bulletin
Anthos clusters on VMware security bulletin
Anthos clusters on AWS security bulletin
Anthos on bare metal security bulletin
Severity: Medium
Notes: CVE-2020-8561
|
|
Uber
|
★★★
|