
cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor: Kubernetes (3ee05930-9e42-51b2-ad52-30832f573b15)
Product: Kubernetes (1a2d2535-9ff1-599e-92b3-aa33ed592780)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:code.google/kubernetes | purl2cpe | 2026-06-01 10:13:27.569201
pkg:github/kubernetes/kubernetes | purl2cpe | 2026-06-01 10:13:27.569202

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2026-33519 not_vulnerable 2026-06-03 15:20:45.005390 Incorrect privilege assignment in Portal for ArcGIS
CRITICAL (9.8)
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
Published: 2026-04-21T20:38:28.573Z
Updated: 2026-04-23T03:56:07.946Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-22549 not_vulnerable 2026-06-03 15:15:53.513457 BIG-IP Container Ingress Services vulnerability
MEDIUM (4.9)
A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 2026-02-04T15:15:36.466Z
Updated: 2026-02-04T15:58:22.668Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-57870 not_vulnerable 2026-06-03 15:05:00.171385 BUG-000179884 - There is a security vulnerability in ArcGIS Server Feature Services.
CRITICAL (10)
A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can potentially result in unauthorized access, modification, or deletion of data from the underlying Enterprise Geodatabase.
Published: 2025-10-22T14:26:22.857Z
Updated: 2026-02-26T16:57:13.694Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-3177 vulnerable 2026-06-03 14:56:23.645483 Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
LOW (2.7)
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.
Published: 2024-04-22T23:00:39.702Z
Updated: 2024-09-10T20:48:09.780Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-25740 vulnerable 2026-06-03 14:44:05.810593 Holes in EndpointSlice Validation Enable Host Network Hijack
LOW (3.1)
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
Published: 2021-09-20T17:05:18.065Z
Updated: 2026-06-01T21:45:55.645Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-7075 vulnerable 2026-06-03 14:36:06.812935 Details available
HIGH (7.5)
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
Published: 2018-09-10T14:00:00.000Z
Updated: 2024-08-06T01:50:47.447Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-1906 vulnerable 2026-06-03 14:35:36.027258 Details available
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
Published: 2016-02-03T15:00:00.000Z
Updated: 2024-08-05T23:10:40.116Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-1905 vulnerable 2026-06-03 14:35:36.026870 Details available
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
Published: 2016-02-03T15:00:00.000Z
Updated: 2024-08-05T23:10:40.348Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-7561 vulnerable 2026-06-03 14:35:09.371815 Details available
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
Published: 2017-08-07T17:00:00.000Z
Updated: 2024-08-06T07:51:28.614Z
Imported from gcve-enriched-dumps CVE data
