Issues: kubernetes/kubernetes
Kubernetes 3rd Party Security Audit Findings
area/security
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/security
Categorizes an issue or PR as relevant to SIG Security.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81146
opened Aug 8, 2019 by
cji
TOB-K8S-010: Hardcoded use of insecure gRPC transport
area/security
kind/feature
Categorizes issue or PR as related to a new feature.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/auth
Categorizes an issue or PR as relevant to SIG Auth.
sig/node
Categorizes an issue or PR as relevant to SIG Node.
sig/storage
Categorizes an issue or PR as relevant to SIG Storage.
triage/accepted
Indicates an issue or PR is ready to be actively worked on.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81142
opened Aug 8, 2019 by
cji
TOB-K8S-017: Use standard formats everywhere
area/security
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/awaiting-more-evidence
Lowest priority. Possibly useful, but not yet enough support to actually get it done.
sig/auth
Categorizes an issue or PR as relevant to SIG Auth.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81140
opened Aug 8, 2019 by
cji
TOB-K8S-033: Services use questionable default functions
area/security
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
needs-triage
Indicates an issue or PR lacks a `triage/foo` label and requires one.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/node
Categorizes an issue or PR as relevant to SIG Node.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81138
opened Aug 8, 2019 by
cji
TOB-K8S-016: Unsafe JSON construction
area/security
help wanted
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/important-soon
Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
sig/apps
Categorizes an issue or PR as relevant to SIG Apps.
triage/accepted
Indicates an issue or PR is ready to be actively worked on.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81134
opened Aug 8, 2019 by
cji
TOB-K8S-008: Arbitrary file paths without bounding
area/security
help wanted
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
needs-triage
Indicates an issue or PR lacks a `triage/foo` label and requires one.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/node
Categorizes an issue or PR as relevant to SIG Node.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81133
opened Aug 8, 2019 by
cji
TOB-K8S-007: Log rotation is not atomic
area/security
help wanted
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
needs-triage
Indicates an issue or PR lacks a `triage/foo` label and requires one.
sig/node
Categorizes an issue or PR as relevant to SIG Node.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81132
opened Aug 8, 2019 by
cji
TOB-K8S-024: kubelet liveness probes can be used to enumerate host network
area/security
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
needs-triage
Indicates an issue or PR lacks a `triage/foo` label and requires one.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/node
Categorizes an issue or PR as relevant to SIG Node.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81129
opened Aug 8, 2019 by
cji
TOB-K8S-029: Encryption recommendations not in accordance with best practices
area/security
kind/bug
Categorizes issue or PR as related to a bug.
kind/documentation
Categorizes issue or PR as related to documentation.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
sig/auth
Categorizes an issue or PR as relevant to SIG Auth.
sig/docs
Categorizes an issue or PR as relevant to SIG Docs.
sig/security
Categorizes an issue or PR as relevant to SIG Security.
sig/storage
Categorizes an issue or PR as relevant to SIG Storage.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81127
opened Aug 8, 2019 by
cji
TOB-K8S-021: Improper fetching of PIDs allows incorrect cgroup movement
area/security
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
needs-triage
Indicates an issue or PR lacks a `triage/foo` label and requires one.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/node
Categorizes an issue or PR as relevant to SIG Node.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81124
opened Aug 8, 2019 by
cji
TOB-K8S-020: Kubectl can cause a local Out Of Memory error with a malicious Pod specification
area/security
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
sig/cli
Categorizes an issue or PR as relevant to SIG CLI.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81123
opened Aug 8, 2019 by
cji
TOB-K8S-013: Use of InsecureSkipVerify and other TLS weaknesses
area/security
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/auth
Categorizes an issue or PR as relevant to SIG Auth.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81119
opened Aug 8, 2019 by
cji
TOB-K8S-012: Use of InsecureIgnoreHostKey in SSH connections
area/security
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81118
opened Aug 8, 2019 by
cji
TOB-K8S-004: Pervasive world-accessible file permissions
area/security
good first issue
Denotes an issue ready for a new contributor, according to the "help wanted" guidelines.
help wanted
Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines.
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/node
Categorizes an issue or PR as relevant to SIG Node.
sig/storage
Categorizes an issue or PR as relevant to SIG Storage.
triage/accepted
Indicates an issue or PR is ready to be actively worked on.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81116
opened Aug 8, 2019 by
cji
TOB-K8S-022: TOCTOU when moving PID to manager’s cgroup via kubelet
area/kubelet
area/security
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
needs-triage
Indicates an issue or PR lacks a `triage/foo` label and requires one.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/node
Categorizes an issue or PR as relevant to SIG Node.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81113
opened Aug 8, 2019 by
cji
TOB-K8S-034: HTTPS connections are not authenticated
area/security
kind/bug
Categorizes issue or PR as related to a bug.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
sig/auth
Categorizes an issue or PR as relevant to SIG Auth.
wg/security-audit
Categorizes an issue or PR as relevant to WG Security Audit.
#81112
opened Aug 8, 2019 by
cji