5 CVEs categorized as CWE-284 — Improper Access Control in Kubernetes.
CVE-2025-24313MEDIUM2025
Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-29990CRITICAL2024
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-21376CRITICAL2024
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
CVE-2023-24425MEDIUM2023
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.
CVE-2021-25749HIGH2021
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.