pkg:Debian/kubernetes

49 total CVEs: CRITICAL 3, HIGH 13, MEDIUM 26, LOW 7

All known vulnerabilities

  • CRITICAL 9.8 CVE-2018-1002105: Privilege Escalation in Kubernetes in github.com/kubernetes/kubernetes
    from 0, < 1.17.4-1
  • CRITICAL 9.8 CVE-2017-1000056: Kubernetes Privilege Escalation in k8s.io/kubernetes
    from 0, < 1.5.5+dfsg-1
  • CRITICAL 9.6 CVE-2017-1002101: In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with…
    from 0, < 1.7.16+dfsg-1
  • HIGH 8.8 CVE-2023-3893: Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation in github.com/kubernetes-csi/csi-proxy
    from 0, < 1.20.5+really1.20.2-1
  • HIGH 8.8 CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils
    from 0, < 1.20.5+really1.20.2-1
  • HIGH 8.8 CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • HIGH 8.8 CVE-2022-3294: Kubernetes vulnerable to validation bypass in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • HIGH 8.8 CVE-2020-8558: Improper Authentication in Kubernetes in k8s.io/kubernetes
    from 0, < 1.18.5-1
  • HIGH 8.2 CVE-2022-3172: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL.
    from 0, < 1.20.5+really1.20.2-1
  • HIGH 8.2 CVE-2019-11248: The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port.
    from 0, < 1.17.4-1
  • HIGH 8.1 CVE-2024-10220: Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • HIGH 8.1 CVE-2019-11247: Kubernetes kube-apiserver unauthorized access
    from 0, < 1.17.4-1
  • HIGH 8.1 CVE-2021-25741: Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • HIGH 8.1 CVE-2016-7075: It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name f…
    from 0, < 1.5.5+dfsg-1
  • HIGH 7.5 CVE-2019-11253: XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes
    from 0, < 1.17.4-1
  • HIGH 7.5 CVE-2019-9946: Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects K…
    from 0, < 1.17.4-1
  • MEDIUM 6.8 CVE-2020-8559: Privilege Escalation in Kubernetes in k8s.io/apimachinery
    from 0, < 1.18.5-1
  • MEDIUM 6.7 CVE-2025-5187: Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • MEDIUM 6.5 CVE-2025-1767: Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • MEDIUM 6.5 CVE-2023-2727: Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • MEDIUM 6.5 CVE-2023-2728: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • MEDIUM 6.5 CVE-2022-3162: Kubernetes vulnerable to path traversal in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • MEDIUM 6.5 CVE-2019-11250: Unauthorized credential disclosure in k8s.io/kubernetes and k8s.io/client-go
    from 0, < 1.17.4-1
  • MEDIUM 6.5 CVE-2019-1002100: Kubernetes DoS Vulnerability in k8s.io/kubernetes
    from 0, < 1.17.4-1
  • MEDIUM 6.5 CVE-2019-11254: Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2
    from 0, < 1.17.4-1
  • MEDIUM 6.5 CVE-2021-25735: Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • MEDIUM 6.5 CVE-2019-11252: The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure log…
    from 0, < 1.18.0-1
  • MEDIUM 6.3 CVE-2020-8555: Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
    from 0, < 1.18.2-1
  • MEDIUM 6.2 CVE-2025-0426: Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • MEDIUM 5.8 CVE-2025-13281: Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • MEDIUM 5.6 CVE-2017-1002102: Kubernetes can trigger deletion of arbitrary files from the nodes where containers are running in k8s.io/kubernetes
    from 0, < 1.7.16+dfsg-1
  • MEDIUM 5.5 CVE-2020-8557: Denial of service in Kubernetes in k8s.io/kubernetes
    from 0, < 1.18.5-1
  • MEDIUM 5.5 CVE-2018-1002100: Kubernetes arbitrary file overwrite in k8s.io/kubernetes
    from 0, < 1.17.4-1
  • MEDIUM 5.3 CVE-2020-8566: Sensitive Information leak for users of Ceph RBD via Log File in k8s.io/kubernetes
    from 0, < 1.19.3-1
  • MEDIUM 5.3 CVE-2020-8552: Kubernetes API Server DoS Via API Requests
    from 0, < 1.17.4-1
  • MEDIUM 5.0 CVE-2020-8554: Unverified Ownership in Kubernetes
    from 0, < 1.31.4+ds-1
  • MEDIUM 4.8 CVE-2021-25737: Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • MEDIUM 4.7 CVE-2020-8565: Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and k8s.io/client-go
    from 0, < 1.20.0-1
  • MEDIUM 4.7 CVE-2020-8564: Sensitive information leak via log file in k8s.io/kubernetes
    from 0, < 1.19.3-1
  • MEDIUM 4.4 CVE-2023-2431: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • MEDIUM 4.3 CVE-2020-8551: Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes
    from 0, < 1.17.4-1
  • MEDIUM 4.1 CVE-2020-8561: Confused Deputy in Kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • LOW 3.1 CVE-2024-7598: Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • LOW 3.1 CVE-2020-8562: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • LOW 3.1 CVE-2021-25740: Confused Deputy in Kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • LOW 3.0 CVE-2021-25743: ANSI escape characters not filtered in kubectl in k8s.io/kubernetes
    from 0
  • LOW 2.7 CVE-2025-4563: Kubernetes allows nodes to bypass dynamic resource allocation authorization checks in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • LOW 2.7 CVE-2024-3177: Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin in k8s.io/kubernetes
    from 0, < 1.20.5+really1.20.2-1
  • LOW 2.6 CVE-2018-1002102: Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to r…
    from 0, < 1.17.4-1