CRITICAL 9.8: CVE-2018-1002105 Privilege Escalation in Kubernetes in github.com/kubernetes/kubernetes
from 0, < 1.17.4-1
from 0, < 1.5.5+dfsg-1
CRITICAL 9.6: In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with…
from 0, < 1.7.16+dfsg-1
HIGH 8.8: Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation in github.com/kubernetes-csi/csi-proxy
from 0, < 1.20.5+really1.20.2-1
HIGH 8.8: Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils
from 0, < 1.20.5+really1.20.2-1
HIGH 8.8: Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
HIGH 8.8: Kubernetes vulnerable to validation bypass in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
HIGH 8.8: Improper Authentication in Kubernetes in k8s.io/kubernetes
from 0, < 1.18.5-1
HIGH 8.2: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL.
from 0, < 1.20.5+really1.20.2-1
HIGH 8.2: The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port.
from 0, < 1.17.4-1
HIGH 8.1: Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
HIGH 8.1: Kubernetes kube-apiserver unauthorized access
from 0, < 1.17.4-1
HIGH 8.1: Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
HIGH 8.1: It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name f…
from 0, < 1.5.5+dfsg-1
HIGH 7.5: XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes
from 0, < 1.17.4-1
HIGH 7.5: Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects K…
from 0, < 1.17.4-1
MEDIUM 6.8: Privilege Escalation in Kubernetes in k8s.io/apimachinery
from 0, < 1.18.5-1
MEDIUM 6.7: Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
MEDIUM 6.5: Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
MEDIUM 6.5: Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
MEDIUM 6.5: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
MEDIUM 6.5: Kubernetes vulnerable to path traversal in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
MEDIUM 6.5: Unauthorized credential disclosure in k8s.io/kubernetes and k8s.io/client-go
from 0, < 1.17.4-1
MEDIUM 6.5: Kubernetes DoS Vulnerability in k8s.io/kubernetes
from 0, < 1.17.4-1
MEDIUM 6.5: Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2
from 0, < 1.17.4-1
MEDIUM 6.5: Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
MEDIUM 6.5: The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure log…
from 0, < 1.18.0-1
MEDIUM 6.3: Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
from 0, < 1.18.2-1
MEDIUM 6.2: Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
MEDIUM 5.8: Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
MEDIUM 5.6: Kubernetes can trigger deletion of arbitrary files from the nodes where containers are running in k8s.io/kubernetes
from 0, < 1.7.16+dfsg-1
MEDIUM 5.5: Denial of service in Kubernetes in k8s.io/kubernetes
from 0, < 1.18.5-1
MEDIUM 5.5: Kubernetes arbitrary file overwrite in k8s.io/kubernetes
from 0, < 1.17.4-1
MEDIUM 5.3: Sensitive Information leak for users of Ceph RBD via Log File in k8s.io/kubernetes
from 0, < 1.19.3-1
MEDIUM 5.3: Kubernetes API Server DoS Via API Requests
from 0, < 1.17.4-1
MEDIUM 5.0: Unverified Ownership in Kubernetes
from 0, < 1.31.4+ds-1
MEDIUM 4.8: Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
MEDIUM 4.7: Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and k8s.io/client-go
from 0, < 1.20.0-1
MEDIUM 4.7: Sensitive information leak via log file in k8s.io/kubernetes
from 0, < 1.19.3-1
MEDIUM 4.4: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
MEDIUM 4.3: Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes
from 0, < 1.17.4-1
MEDIUM 4.1: Confused Deputy in Kubernetes
from 0, < 1.20.5+really1.20.2-1
LOW 3.1: Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
LOW 3.1: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
LOW 3.1: Confused Deputy in Kubernetes
from 0, < 1.20.5+really1.20.2-1
LOW 3.0: ANSI escape characters not filtered in kubectl in k8s.io/kubernetes
from 0
LOW 2.7: Kubernetes allows nodes to bypass dynamic resource allocation authorization checks in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
LOW 2.7: Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin in k8s.io/kubernetes
from 0, < 1.20.5+really1.20.2-1
LOW 2.6: Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to r…
from 0, < 1.17.4-1