Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Track kubernetes cves every month #117

Open
pacoxu opened this issue Jan 14, 2022 · 2 comments
Open

Track kubernetes cves every month #117

pacoxu opened this issue Jan 14, 2022 · 2 comments

Comments

@pacoxu
Copy link
Member

pacoxu commented Jan 14, 2022

What would you like to be added?

kubernetes/sig-security#1
It would be continuous work. The list would be helpful.

Why is this needed?

https://github.com/ismyk8ssecure/ismyk8ssecure
可以参考
@sbs2001
Copy link

sbs2001 commented Jan 30, 2022

Hey @pacoxu thanks for mentioning ismyk8ssecure . As a side note the data is mostly manually curated because k8s doesn't provide it in structured fashion anywhere currently. I will be updating the data after CVE or new release of k8s is released.

@pacoxu
Copy link
Member Author

pacoxu commented Mar 2, 2022

@sbs2001

CVE-2022-0185 is a Linux CVE for 5.1-rc1 and was fixed recently. It would be great to detect such case in your tool.

  • check kube version
  • check components version
  • check kernel version as well

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pacoxu @sbs2001