pkg:Go/k8s.io/kubernetes

All known vulnerabilities

• CRITICAL9.8CVE-2017-1000056Kubernetes Privilege Escalation in k8s.io/kubernetes
  >= 1.5.0, < 1.5.5
• CRITICAL9.8CVE-2017-1000056Kubernetes Privilege Escalation in k8s.io/kubernetes
  >= 1.5.0, < 1.5.5
• HIGH8.8Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes
  >= 1.28.0, < 1.28.4
• HIGH8.8Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes
  from 0, < 1.25.16, >= 1.26.0, < 1.26.11, >= 1.27.0, < 1.27.8, >= 1.28.0, < 1.28.4
• HIGH8.8Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils
  from 0, < 1.24.17, >= 1.25.0, < 1.25.13, >= 1.26.0, < 1.26.8, >= 1.27.0, < 1.27.5, >= 1.28.0, < 1.28.1
• HIGH8.8Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes
  >= 1.28.0, < 1.28.1
• HIGH8.8Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils
  >= 1.28.0, < 1.28.1
• HIGH8.8Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes
  from 0, < 1.24.17, >= 1.25.0, < 1.25.13, >= 1.26.0, < 1.26.8, >= 1.27.0, < 1.27.5, >= 1.28.0, < 1.28.1
• HIGH8.8Kubernetes vulnerable to validation bypass in k8s.io/kubernetes
  >= 1.22.0, < 1.22.16, >= 1.23.0, < 1.23.14, >= 1.24.0, < 1.24.8, >= 1.25.0, < 1.25.4
• HIGH8.8Improper Authentication in Kubernetes in k8s.io/kubernetes
  from 0, < 1.16.11, >= 1.17.0, < 1.17.7, >= 1.18.0, < 1.18.4
• HIGH8.8Improper Authentication in Kubernetes in k8s.io/kubernetes
  >= 1.18.0, < 1.18.4
• HIGH8.1Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes
  from 0, < 1.28.12, >= 1.29.0, < 1.29.7, >= 1.30.0, < 1.30.3
• HIGH8.1Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes
  from 0, < 1.28.12
• HIGH8.1Kubernetes did not effectively clear service account credentials in k8s.io/kubernetes
  >= 1.12.0, < 1.12.5, >= 1.13.0, < 1.13.1
• HIGH8.1Kubernetes did not effectively clear service account credentials in k8s.io/kubernetes
  >= 1.12.0, < 1.12.5
• HIGH8.1Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
  from 0, < 1.19.15, >= 1.20.0, < 1.20.11, >= 1.21.0, < 1.21.5, >= 1.22.0, < 1.22.2
• HIGH8.1Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
  from 0, < 1.19.15
• HIGH7.7Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes
  from 0, < 1.27.0-alpha.1
• HIGH7.7Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes
  from 0, < 1.27.0-alpha.1
• HIGH7.5XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes
  >= 1.0.0, < 1.13.12
• HIGH7.5XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes
  >= 1.0.0, < 1.13.12, >= 1.14.0, < 1.14.8, >= 1.15.0, < 1.15.5, >= 1.16.0, < 1.16.2
• MEDIUM6.8Privilege Escalation in Kubernetes in k8s.io/apimachinery
  from 0, < 1.16.13, >= 1.17.0, < 1.17.9, >= 1.18.0, < 1.18.7
• MEDIUM6.8Privilege Escalation in Kubernetes in k8s.io/apimachinery
  from 0, < 1.16.13
• MEDIUM6.7Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes
  from 0, < 1.31.12, >= 1.32.0-alpha.0, < 1.32.8, >= 1.33.0-alpha.0, < 1.33.4
• MEDIUM6.7Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes
  from 0, < 1.31.12
• MEDIUM6.5Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes
  from 0, <= 1.32.3
• MEDIUM6.5Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes
  from 0
• MEDIUM6.5Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
  from 0, < 1.24.15, >= 1.25.0, < 1.25.11, >= 1.26.0, < 1.26.6, >= 1.27.0, < 1.27.3
• MEDIUM6.5Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes
  >= 1.27.0, < 1.27.3
• MEDIUM6.5Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes
  from 0, < 1.24.15, >= 1.25.0, < 1.25.11, >= 1.26.0, < 1.26.6, >= 1.27.0, < 1.27.3
• MEDIUM6.5Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
  >= 1.27.0, < 1.27.3
• MEDIUM6.5Kubernetes vulnerable to path traversal in k8s.io/kubernetes
  >= 1.22.0, < 1.22.16, >= 1.23.0, < 1.23.14, >= 1.24.0, < 1.24.8, >= 1.25.0, < 1.25.4
• MEDIUM6.5Unauthorized credential disclosure in k8s.io/kubernetes and k8s.io/client-go
  from 0, < 1.16.0-beta.1
• MEDIUM6.5Kubernetes DoS Vulnerability in k8s.io/kubernetes
  >= 1.0.0, < 1.11.8, >= 1.12.0, < 1.12.6, >= 1.13.0, < 1.13.4
• MEDIUM6.5Kubernetes DoS Vulnerability in k8s.io/kubernetes
  >= 1.0.0, <= 1.10.14
• MEDIUM6.5Directory traversal in k8s.io/kubernetes
  from 0, < 1.1.1
• MEDIUM6.5Directory traversal in k8s.io/kubernetes
  from 0, < 1.1.1
• MEDIUM6.5Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
  >= 1.20.0, < 1.20.6
• MEDIUM6.5Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
  from 0, < 1.18.18, >= 1.19.0, < 1.19.10, >= 1.20.0, < 1.20.6
• MEDIUM6.3Sensitive Information leak for VSphere users via Log File in k8s.io/kubernetes
  from 0, < 1.19.3
• MEDIUM6.3Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
  from 0, < 1.15.12, >= 1.16.0, < 1.16.9, >= 1.17.0, < 1.17.4, >= 1.18.0, < 1.18.1
• MEDIUM6.3Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
  >= 1.18.0, < 1.18.1
• MEDIUM6.2Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes
  from 0, < 1.29.14, >= 1.30.0, < 1.30.10, >= 1.31.0, < 1.31.6, >= 1.32.0, < 1.32.2
• MEDIUM6.2Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes
  >= 1.32.0, < 1.32.2
• MEDIUM6.1Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
  from 0, < 1.27.16, >= 1.28.0, < 1.28.12, >= 1.29.0, < 1.29.7, >= 1.30.0, < 1.30.3
• MEDIUM6.1Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
  from 0, < 1.27.16
• MEDIUM5.9Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes
  from 0, < 1.29.13, >= 1.30.0-alpha.0, < 1.30.9, >= 1.31.0-alpha.0, < 1.31.5, >= 1.32.0-alpha.0, < 1.32.1
• MEDIUM5.9Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes
  from 0, < 1.29.13
• MEDIUM5.9Kubernetes Arbitrary Command Injection in k8s.io/kubernetes
  >= 1.9.0, < 1.9.10, >= 1.10.0, < 1.10.6, >= 1.11.0, < 1.11.2
• MEDIUM5.9Kubernetes Arbitrary Command Injection in k8s.io/kubernetes
  >= 1.9.0, < 1.9.10
• MEDIUM5.8Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes
  from 0, < 1.32.10
• MEDIUM5.8Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes
  from 0, < 1.32.10, >= 1.33.0-alpha.0, < 1.33.6, >= 1.34.0-alpha.0, < 1.34.2
• MEDIUM5.8Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
  from 0, < 1.21
• MEDIUM5.8Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
  from 0, < 1.21.0
• MEDIUM5.7Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes
  >= 1.13.10, < 1.13.11, >= 1.14.6, < 1.14.7, >= 1.15.3, < 1.16.0
• MEDIUM5.7Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes
  >= 1.13.10, < 1.13.11
• MEDIUM5.6Kubernetes can trigger deletion of arbitrary files from the nodes where containers are running in k8s.io/kubernetes
  >= 1.3.0, < 1.7.14, >= 1.8.0, < 1.8.9, >= 1.9.0, < 1.9.4
• MEDIUM5.6Kubernetes can trigger deletion of arbitrary files from the nodes where containers are running in k8s.io/kubernetes
  >= 1.3.0, < 1.7.14
• MEDIUM5.5Denial of service in Kubernetes in k8s.io/kubernetes
  >= 1.1.0, < 1.16.13, >= 1.17.0, < 1.17.9, >= 1.18.0, < 1.18.6
• MEDIUM5.5Kubernetes arbitrary file overwrite in k8s.io/kubernetes
  >= 1.5.0, < 1.9.6
• MEDIUM5.5Kubernetes arbitrary file overwrite in k8s.io/kubernetes
  >= 1.5.0-alpha.0, < 1.9.6
• MEDIUM5.5Symlink Attack in kubectl cp in k8s.io/kubernetes
  from 0, < 1.11.9, >= 1.12.0, < 1.12.7, >= 1.13.0, < 1.13.5
• MEDIUM5.5Symlink Attack in kubectl cp in k8s.io/kubernetes
  from 0, < 1.11.9
• MEDIUM5.3Sensitive Information leak for users of Ceph RBD via Log File in k8s.io/kubernetes
  from 0, < 1.17.13, >= 1.18.0, < 1.18.10, >= 1.19.0, < 1.19.3
• MEDIUM5.0Unverified Ownership in Kubernetes
  from 0, <= 1.22.0
• MEDIUM4.9Kubelet Incorrect Privilege Assignment in k8s.io/kubernetes
  >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.3
• MEDIUM4.8Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes
  >= 1.16.0, < 1.18.19, >= 1.19.0, < 1.19.11, >= 1.20.0, < 1.20.7, >= 1.21.0, < 1.21.1
• MEDIUM4.8Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes
  >= 1.16.0, < 1.18.19
• MEDIUM4.7Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and k8s.io/client-go
  from 0, < 1.20.0-alpha.2
• MEDIUM4.7Sensitive information leak via log file in k8s.io/kubernetes
  from 0, < 1.20.0-alpha.1
• MEDIUM4.7Sensitive information leak via log file in k8s.io/kubernetes
  from 0, < 1.20.0-alpha.1
• MEDIUM4.4Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
  from 0, < 1.24.14
• MEDIUM4.4Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
  from 0, < 1.24.14, >= 1.25.0, < 1.25.10, >= 1.26.0, < 1.26.5, >= 1.27.0, < 1.27.2
• MEDIUM4.3Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes
  >= 1.15.0, < 1.15.10, >= 1.16.0, < 1.16.6, >= 1.17.0, < 1.17.2
• MEDIUM4.3Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes
  >= 1.15.0, < 1.15.10
• MEDIUM4.1Confused Deputy in Kubernetes
  from 0, <= 1.22.2
• LOW3.1Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes
  >= 1.3.0
• LOW3.1Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes
  from 0, < 1.2.0-alpha.6
• LOW3.1Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes
  from 0, < 1.2.0-alpha.6
• LOW3.1WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
  >= 1.21.0, <= 1.21.1
• LOW3.1WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
  from 0
• LOW3.1Confused Deputy in Kubernetes
  from 0, <= 1.22.2
• LOW3.0ANSI escape characters not filtered in kubectl in k8s.io/kubernetes
  from 0, < 1.26.0-alpha.3
• LOW3.0ANSI escape characters not filtered in kubectl in k8s.io/kubernetes
  from 0, < 1.26.0-alpha.3
• LOW2.7Kubernetes allows nodes to bypass dynamic resource allocation authorization checks in k8s.io/kubernetes
  >= 1.32.0, < 1.32.6
• LOW2.7Kubernetes allows nodes to bypass dynamic resource allocation authorization checks in k8s.io/kubernetes
  >= 1.32.0, < 1.32.6, >= 1.33.0, < 1.33.2
• LOW2.7Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin in k8s.io/kubernetes
  from 0, < 1.27.13, >= 1.28.0, < 1.28.9, >= 1.29.0, < 1.29.4
• LOW2.7Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin in k8s.io/kubernetes
  from 0, < 1.27.13