pkg:Go/k8s.io/kubernetes

88 total CVEs: CRITICAL 2, HIGH 19, MEDIUM 55, LOW 12

All known vulnerabilities

  • CRITICAL 9.8 CVE-2017-1000056 Kubernetes Privilege Escalation in k8s.io/kubernetes
    >= 1.5.0, < 1.5.5
  • HIGH 8.8 CVE-2023-5528 Kubernetes Improper Input Validation vulnerability
    >= 1.28.0, < 1.28.4
  • HIGH 8.8 CVE-2023-5528 Kubernetes Improper Input Validation vulnerability
    from 0, < 1.25.16, >= 1.26.0, < 1.26.11, >= 1.27.0, < 1.27.8, >= 1.28.0, < 1.28.4
  • HIGH 8.8 CVE-2023-3955 Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils
    from 0, < 1.24.17, >= 1.25.0, < 1.25.13, >= 1.26.0, < 1.26.8, >= 1.27.0, < 1.27.5, >= 1.28.0, < 1.28.1
  • HIGH 8.8 CVE-2023-3676 Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes
    >= 1.28.0, < 1.28.1
  • HIGH 8.8 CVE-2023-3955 Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes and k8s.io/mount-utils
    >= 1.28.0, < 1.28.1
  • HIGH 8.8 CVE-2023-3676 Insufficient input sanitization on Windows nodes leads to privilege escalation in k8s.io/kubernetes
    from 0, < 1.24.17, >= 1.25.0, < 1.25.13, >= 1.26.0, < 1.26.8, >= 1.27.0, < 1.27.5, >= 1.28.0, < 1.28.1
  • HIGH 8.8 CVE-2022-3294 Kubernetes vulnerable to validation bypass in k8s.io/kubernetes
    >= 1.22.0, < 1.22.16, >= 1.23.0, < 1.23.14, >= 1.24.0, < 1.24.8, >= 1.25.0, < 1.25.4
  • HIGH 8.8 CVE-2020-8558 Improper Authentication in Kubernetes in k8s.io/kubernetes
    from 0, < 1.16.11, >= 1.17.0, < 1.17.7, >= 1.18.0, < 1.18.4
  • HIGH 8.8 CVE-2020-8558 Improper Authentication in Kubernetes in k8s.io/kubernetes
    >= 1.18.0, < 1.18.4
  • HIGH 8.1 CVE-2024-10220 Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes
    from 0, < 1.28.12, >= 1.29.0, < 1.29.7, >= 1.30.0, < 1.30.3
  • HIGH 8.1 CVE-2024-10220 Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes
    from 0, < 1.28.12
  • HIGH 8.1 CVE-2019-11243 Kubernetes did not effectively clear service account credentials in k8s.io/kubernetes
    >= 1.12.0, < 1.12.5, >= 1.13.0, < 1.13.1
  • HIGH 8.1 CVE-2019-11243 Kubernetes did not effectively clear service account credentials in k8s.io/kubernetes
    >= 1.12.0, < 1.12.5
  • HIGH 8.1 CVE-2021-25741 Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
    from 0, < 1.19.15, >= 1.20.0, < 1.20.11, >= 1.21.0, < 1.21.5, >= 1.22.0, < 1.22.2
  • HIGH 8.1 CVE-2021-25741 Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
    from 0, < 1.19.15
  • HIGH 7.7 CVE-2024-0793 Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes
    from 0, < 1.27.0-alpha.1
  • HIGH 7.5 CVE-2019-11253 XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes
    >= 1.0.0, < 1.13.12
  • HIGH 7.5 CVE-2019-11253 XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes
    >= 1.0.0, < 1.13.12, >= 1.14.0, < 1.14.8, >= 1.15.0, < 1.15.5, >= 1.16.0, < 1.16.2
  • MEDIUM 6.8 CVE-2020-8559 Privilege Escalation in Kubernetes in k8s.io/apimachinery
    from 0, < 1.16.13, >= 1.17.0, < 1.17.9, >= 1.18.0, < 1.18.7
  • MEDIUM 6.8 CVE-2020-8559 Privilege Escalation in Kubernetes in k8s.io/apimachinery
    from 0, < 1.16.13
  • MEDIUM 6.7 CVE-2025-5187 Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes
    from 0, < 1.31.12, >= 1.32.0-alpha.0, < 1.32.8, >= 1.33.0-alpha.0, < 1.33.4
  • MEDIUM 6.7 CVE-2025-5187 Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes
    from 0, < 1.31.12
  • MEDIUM 6.5 CVE-2025-1767 Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes
    from 0, <= 1.32.3
  • MEDIUM 6.5 CVE-2025-1767 Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes
    from 0
  • MEDIUM 6.5 CVE-2023-2728 Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
    from 0, < 1.24.15, >= 1.25.0, < 1.25.11, >= 1.26.0, < 1.26.6, >= 1.27.0, < 1.27.3
  • MEDIUM 6.5 CVE-2023-2727 Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes
    >= 1.27.0, < 1.27.3
  • MEDIUM 6.5 CVE-2023-2727 Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes
    from 0, < 1.24.15, >= 1.25.0, < 1.25.11, >= 1.26.0, < 1.26.6, >= 1.27.0, < 1.27.3
  • MEDIUM 6.5 CVE-2023-2728 Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
    >= 1.27.0, < 1.27.3
  • MEDIUM 6.5 CVE-2022-3162 Kubernetes vulnerable to path traversal in k8s.io/kubernetes
    >= 1.22.0, < 1.22.16, >= 1.23.0, < 1.23.14, >= 1.24.0, < 1.24.8, >= 1.25.0, < 1.25.4
  • MEDIUM 6.5 CVE-2019-11250 Unauthorized credential disclosure in k8s.io/kubernetes and k8s.io/client-go
    from 0, < 1.16.0-beta.1
  • MEDIUM 6.5 CVE-2019-1002100 Kubernetes DoS Vulnerability in k8s.io/kubernetes
    >= 1.0.0, < 1.11.8, >= 1.12.0, < 1.12.6, >= 1.13.0, < 1.13.4
  • MEDIUM 6.5 CVE-2019-1002100 Kubernetes DoS Vulnerability in k8s.io/kubernetes
    >= 1.0.0, <= 1.10.14
  • MEDIUM 6.5 CVE-2015-5305 Directory traversal in k8s.io/kubernetes
    from 0, < 1.1.1
  • MEDIUM 6.5 CVE-2021-25735 Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
    >= 1.20.0, < 1.20.6
  • MEDIUM 6.5 CVE-2021-25735 Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
    from 0, < 1.18.18, >= 1.19.0, < 1.19.10, >= 1.20.0, < 1.20.6
  • MEDIUM 6.3 CVE-2020-8563 Sensitive Information leak for VSphere users via Log File in k8s.io/kubernetes
    from 0, < 1.19.3
  • MEDIUM 6.3 CVE-2020-8555 Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
    from 0, < 1.15.12, >= 1.16.0, < 1.16.9, >= 1.17.0, < 1.17.4, >= 1.18.0, < 1.18.1
  • MEDIUM 6.3 CVE-2020-8555 Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
    >= 1.18.0, < 1.18.1
  • MEDIUM 6.2 CVE-2025-0426 Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes
    from 0, < 1.29.14, >= 1.30.0, < 1.30.10, >= 1.31.0, < 1.31.6, >= 1.32.0, < 1.32.2
  • MEDIUM 6.2 CVE-2025-0426 Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes
    >= 1.32.0, < 1.32.2
  • MEDIUM 6.1 CVE-2024-5321 Kubernetes sets incorrect permissions on Windows containers logs
    from 0, < 1.27.16, >= 1.28.0, < 1.28.12, >= 1.29.0, < 1.29.7, >= 1.30.0, < 1.30.3
  • MEDIUM 6.1 CVE-2024-5321 Kubernetes sets incorrect permissions on Windows containers logs
    from 0, < 1.27.16
  • MEDIUM 5.9 CVE-2024-9042 Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API
    from 0, < 1.29.13, >= 1.30.0-alpha.0, < 1.30.9, >= 1.31.0-alpha.0, < 1.31.5, >= 1.32.0-alpha.0, < 1.32.1
  • MEDIUM 5.9 CVE-2024-9042 Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API
    from 0, < 1.29.13
  • MEDIUM 5.9 CVE-2018-1002101 Kubernetes Arbitrary Command Injection in k8s.io/kubernetes
    >= 1.9.0, < 1.9.10, >= 1.10.0, < 1.10.6, >= 1.11.0, < 1.11.2
  • MEDIUM 5.9 CVE-2018-1002101 Kubernetes Arbitrary Command Injection in k8s.io/kubernetes
    >= 1.9.0, < 1.9.10
  • MEDIUM 5.8 CVE-2025-13281 Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes
    from 0, < 1.32.10
  • MEDIUM 5.8 CVE-2025-13281 Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes
    from 0, < 1.32.10, >= 1.33.0-alpha.0, < 1.33.6, >= 1.34.0-alpha.0, < 1.34.2
  • MEDIUM 5.8 CVE-2021-25736 Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
    from 0, < 1.21
  • MEDIUM 5.8 CVE-2021-25736 Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes
    from 0, < 1.21.0
  • MEDIUM 5.7 CVE-2019-11251 Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes
    >= 1.13.10, < 1.13.11, >= 1.14.6, < 1.14.7, >= 1.15.3, < 1.16.0
  • MEDIUM 5.7 CVE-2019-11251 Kubernetes kubectl cp Vulnerable to Symlink Attack in k8s.io/kubernetes
    >= 1.13.10, < 1.13.11
  • MEDIUM 5.6 CVE-2017-1002102 Kubernetes can trigger deletion of arbitrary files from the nodes where containers are running in k8s.io/kubernetes
    >= 1.3.0, < 1.7.14, >= 1.8.0, < 1.8.9, >= 1.9.0, < 1.9.4
  • MEDIUM 5.6 CVE-2017-1002102 Kubernetes can trigger deletion of arbitrary files from the nodes where containers are running in k8s.io/kubernetes
    >= 1.3.0, < 1.7.14
  • MEDIUM 5.5 CVE-2020-8557 Denial of service in Kubernetes in k8s.io/kubernetes
    >= 1.1.0, < 1.16.13, >= 1.17.0, < 1.17.9, >= 1.18.0, < 1.18.6
  • MEDIUM 5.5 CVE-2018-1002100 Kubernetes arbitrary file overwrite in k8s.io/kubernetes
    >= 1.5.0, < 1.9.6
  • MEDIUM 5.5 CVE-2018-1002100 Kubernetes arbitrary file overwrite in k8s.io/kubernetes
    >= 1.5.0-alpha.0, < 1.9.6
  • MEDIUM 5.5 CVE-2019-1002101 Symlink Attack in kubectl cp in k8s.io/kubernetes
    from 0, < 1.11.9, >= 1.12.0, < 1.12.7, >= 1.13.0, < 1.13.5
  • MEDIUM 5.5 CVE-2019-1002101 Symlink Attack in kubectl cp in k8s.io/kubernetes
    from 0, < 1.11.9
  • MEDIUM 5.3 CVE-2020-8566 Sensitive Information leak for users of Ceph RBD via Log File in k8s.io/kubernetes
    from 0, < 1.17.13, >= 1.18.0, < 1.18.10, >= 1.19.0, < 1.19.3
  • MEDIUM 5.0 CVE-2020-8554 Unverified Ownership in Kubernetes
    from 0, <= 1.22.0
  • MEDIUM 4.9 CVE-2019-11245 Kubelet Incorrect Privilege Assignment in k8s.io/kubernetes
    >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.3
  • MEDIUM 4.8 CVE-2021-25737 Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes
    >= 1.16.0, < 1.18.19, >= 1.19.0, < 1.19.11, >= 1.20.0, < 1.20.7, >= 1.21.0, < 1.21.1
  • MEDIUM 4.8 CVE-2021-25737 Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes
    >= 1.16.0, < 1.18.19
  • MEDIUM 4.7 CVE-2020-8565 Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and k8s.io/client-go
    from 0, < 1.20.0-alpha.2
  • MEDIUM 4.7 CVE-2020-8564 Sensitive information leak via log file in k8s.io/kubernetes
    from 0, < 1.20.0-alpha.1
  • MEDIUM 4.4 CVE-2023-2431 Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
    from 0, < 1.24.14
  • MEDIUM 4.4 CVE-2023-2431 Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
    from 0, < 1.24.14, >= 1.25.0, < 1.25.10, >= 1.26.0, < 1.26.5, >= 1.27.0, < 1.27.2
  • MEDIUM 4.3 CVE-2020-8551 Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes
    >= 1.15.0, < 1.15.10, >= 1.16.0, < 1.16.6, >= 1.17.0, < 1.17.2
  • MEDIUM 4.3 CVE-2020-8551 Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes in k8s.io/kubernetes
    >= 1.15.0, < 1.15.10
  • MEDIUM 4.1 CVE-2020-8561 Confused Deputy in Kubernetes
    from 0, <= 1.22.2
  • LOW 3.1 CVE-2024-7598 Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes
    >= 1.3.0
  • LOW 3.1 CVE-2015-7561 Kubernetes in OpenShift3 Access Control Misconfiguration
    from 0, < 1.2.0-alpha.6
  • LOW 3.1 CVE-2020-8562 WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
    >= 1.21.0, <= 1.21.1
  • LOW 3.1 CVE-2020-8562 WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
    from 0
  • LOW 3.1 CVE-2021-25740 Confused Deputy in Kubernetes
    from 0, <= 1.22.2
  • LOW 3.0 CVE-2021-25743 ANSI escape characters not filtered in kubectl in k8s.io/kubernetes
    from 0, < 1.26.0-alpha.3
  • LOW 2.7 CVE-2025-4563 Kubernetes allows nodes to bypass dynamic resource allocation authorization checks in k8s.io/kubernetes
    >= 1.32.0, < 1.32.6
  • LOW 2.7 CVE-2025-4563 Kubernetes allows nodes to bypass dynamic resource allocation authorization checks in k8s.io/kubernetes
    >= 1.32.0, < 1.32.6, >= 1.33.0, < 1.33.2
  • LOW 2.7 CVE-2024-3177 Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin in k8s.io/kubernetes
    from 0, < 1.27.13, >= 1.28.0, < 1.28.9, >= 1.29.0, < 1.29.4
  • LOW 2.7 CVE-2024-3177 Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin in k8s.io/kubernetes
    from 0, < 1.27.13