What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-10-10 17:37:33 | GCP-2023-030 (lien direct) | Publié: 2023-10-10 Description | Vulnerability | Uber | |
|
2023-09-06 17:35:09 | GCP-2023-026 (lien direct) | Publié: 2023-09-06 Description Description Gravité notes Trois vulnérabilités (CVE-2023-3676, CVE-2023-3955, CVE-2023-3893) ont été découvertes à Kubernetes où un utilisateur qui peut créer des gods sur les nœuds Windows peutêtre en mesure de dégénérer pour les privilèges d'administration sur ces nœuds.Ces vulnérabilités affectent les versions Windows de Kubelet et le proxy Kubernetes CSI. Pour les instructions et plus de détails, consultez les bulletins suivants: Bulletin de sécurité gke clusters anthos sur le bulletin de sécurité VMware grappes anthos sur le bulletin de sécurité AWS anthos sur le bulletin de sécurité azur anthos sur le bulletin de sécurité en métal nu High CVE-2023-3676 , CVE-2023-3955 , cve-2023-3893 Published: 2023-09-06Description Description Severity Notes Three vulnerabilities (CVE-2023-3676, CVE-2023-3955, CVE-2023-3893) have been discovered in Kubernetes where a user that can create Pods on Windows nodes may be able to escalate to admin privileges on those nodes. These vulnerabilities affect the Windows versions of Kubelet and the Kubernetes CSI proxy. For instructions and more details, see the following bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2023-3676, CVE-2023-3955, CVE-2023-3893 | Vulnerability | Uber | ★★ |
|
2023-06-27 14:55:00 | (Déjà vu) GCP-2023-018 (lien direct) | Publié: 2023-06-27 Description | Vulnerability | Uber | ★★ |
|
2023-06-26 18:49:48 | GCP-2023-017 (lien direct) | Publié: 2023-06-26 Description | Vulnerability | Uber | ★★ |
|
2022-12-21 17:12:56 | (Déjà vu) GCP-2022-021 (lien direct) | Published: 2022-10-27Updated: 2022-12-15Description Description Severity Notes 2022-12-15 Update: Updated information that version 1.21.14-gke.9400 of Google Kubernetes Engine is pending rollout and may be superseded by a higher version number. 2022-11-22 Update: Added patch versions for Anthos clusters on VMware, Anthos clusters on AWS, and Anthos on Azure. A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node. For instructions and more details, see the following bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-3176 | Vulnerability Guideline | Uber | ★★★ |
|
2022-12-21 17:12:56 | (Déjà vu) GCP-2022-012 (lien direct) | Published: 2022-04-07 Updated: 2022-11-22Description Description Severity Notes 2022-11-22 Update: For GKE clusters in both modes, Standard and Autopilot, workloads using GKE Sandbox are unaffected. A security vulnerability, CVE-2022-0847, has been discovered in the Linux kernel version 5.8 and later that can potentially escalate container privileges to root. This vulnerability affects the following products: GKE node pool versions 1.22 and later that use Container-Optimized OS images (Container-Optimized OS 93 and later) Anthos clusters on VMware v1.10 for Container-Optimized OS images Anthos clusters on AWS v1.21 and Anthos clusters on AWS (previous generation) v1.19, v1.20, v1.21, which use Ubuntu Managed clusters of Anthos on Azure v1.21 which use Ubuntu For instructions and more details, see the following security bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-0847 | Vulnerability | Uber | ★★★ |
|
2022-12-21 17:12:56 | GCP-2022-013 (lien direct) | Published: 2022-04-11 Updated: 2022-04-22Description Description Severity Notes A security vulnerability, CVE-2022-23648, has been discovered in containerd's handling of path traversal in the OCI image volume specification. Containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain full read access to arbitrary files and directories on the host. This vulnerability may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy). For instructions and more details, see the following security bulletins: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin Medium CVE-2022-23648 | Vulnerability | Uber | ★★★ |
|
2022-12-21 17:12:56 | (Déjà vu) GCP-2022-017 (lien direct) | Published: 2022-06-29 Updated: 2022-11-22Description Description Severity Notes 2022-11-22 Update: Workloads using GKE Sandbox are not affected by these vulnerabilities. 2022-07-21 Update: additional information on Anthos clusters on VMware. A new vulnerability (CVE-2022-1786) has been discovered in the Linux kernel versions 5.10 and 5.11. This vulnerability allows an unprivileged user with local access to the cluster to achieve a full container breakout to root on the node. Only clusters that run Container-Optimized OS are affected. GKE Ubuntu versions use either version 5.4 or 5.15 of the kernel and are not affected. For instructions and more details, see the: GKE security bulletin Anthos clusters on VMware security bulletin Anthos clusters on AWS security bulletin Anthos on Azure security bulletin Anthos on bare metal security bulletin High CVE-2022-1786 | Vulnerability | Uber | ★★★ |
1
We have: 8 articles.
We have: 8 articles.
To see everything:
Our RSS (filtrered)
