github.com/kubernetes/kubernetes (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/kubernetes/kubernetes, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2018-1002105 — CVSS 9.8 (critical): In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in…
CVE-2016-1905 — CVSS 7.7 (high): The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional…
CVE-2022-3294 — CVSS 6.6 (medium): Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can…
CVE-2022-3162 — CVSS 6.5 (medium): Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the…
CVE-2015-5305 — CVSS 6.4 (medium): Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files…
CVE-2015-7528 — CVSS 5.3 (medium): Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
CVE-2020-8564 — CVSS 4.7 (medium): In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the…
CVE-2020-8566 — CVSS 4.7 (medium): In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to…
CVE-2020-8563 — CVSS 4.7 (medium): In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked…