Kubernetes Multiple Vulnerabilities
Release Date:
25 Mar 2025
1548
Views
RISK: Medium Risk
TYPE: Operating Systems - Application Platforms
Multiple vulnerabilities were identified in Kubernetes. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure and remote code execution on the targeted system.
Impact
- Information Disclosure
- Remote Code Execution
- Denial of Service
System / Technologies affected
- Kubernetes Ingress NGINX Controller v1.12.0, v1.11.0 - 1.11.4 and All versions prior to v1.11.0
Solutions
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- Update to Kubernetes Ingress NGINX Controller v1.11.5, v1.12.1, or any later version
Vulnerability Identifier
Source
Related Link
- https://kubernetes.io/docs/reference/issues-security/official-cve-feed/
- https://discuss.kubernetes.io/t/security-advisory-multiple-vulnerabilities-in-ingress-nginx/31950
- https://github.com/kubernetes/kubernetes/issues/131005
- https://github.com/kubernetes/kubernetes/issues/131006
- https://github.com/kubernetes/kubernetes/issues/131007
- https://github.com/kubernetes/kubernetes/issues/131008
- https://github.com/kubernetes/kubernetes/issues/131009
Share with