Reviewing CVEs and security audits for Kubernetes
Kubernetes has encountered several Common Vulnerabilities and Exposures (CVEs) in its storied history. The MITRE CVE database, at the time of writing, lists 73 CVE announcements from 2015 to 2020 when searching for kubernetes. Each one of these is related either directly to Kubernetes, or to a common open source solution that runs on Kubernetes (like the NGINX ingress controller, for instance).
Several of these were critical enough to require hotfixes to the Kubernetes source, and thus they list the affected versions in the CVE description. A full list of all CVEs related to Kubernetes can be found at https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=kubernetes. To give you an idea of some of the issues that have been found, let's review a few of these CVEs in chronological order.
Understanding CVE-2016-1905 – Improper admission control
This CVE was one of the first major security issues with production Kubernetes...