Go modules package
k8s.io/kubernetes
pkg:golang/k8s.io/kubernetes
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-7561 | Low | 3.1 | < 1.2.0-alpha.6 | 1.2.0-alpha.6 | Aug 7, 2017 | Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | |
| CVE-2017-1000056 | Cri | 9.8 | >= 1.5.0, < 1.5.5 | 1.5.5 | Jul 17, 2017 | Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. | |
| CVE-2015-5305 | — | < 1.1.1 | 1.1.1 | Nov 6, 2015 | Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd. |
- affected < 1.2.0-alpha.6fixed 1.2.0-alpha.6
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
- affected >= 1.5.0, < 1.5.5fixed 1.5.5
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
- CVE-2015-5305Nov 6, 2015affected < 1.1.1fixed 1.1.1
Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd.
Page 3 of 3