Vulnerabilities > Kubernetes > Kubernetes > 1.0.5

DATE CVE VULNERABILITY TITLE RISK
2021-09-06 CVE-2021-25735 Unspecified vulnerability in Kubernetes
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook.
network
low complexity
kubernetes
6.5
2020-12-07 CVE-2020-8563 Information Exposure Through Log Files vulnerability in Kubernetes
In Kubernetes clusters using vSphere as a cloud provider, with a logging level set to 4 or above, vSphere cloud credentials will be leaked in the cloud controller manager's log.
local
low complexity
kubernetes CWE-532
2.1
2020-07-23 CVE-2020-8557 Resource Exhaustion vulnerability in Kubernetes
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 does not account for disk usage by a pod which writes to its own /etc/hosts file.
local
low complexity
kubernetes CWE-400
5.5
2020-07-23 CVE-2019-11252 Information Exposure Through an Error Message vulnerability in Kubernetes
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.
network
low complexity
kubernetes CWE-209
5.0
2020-06-05 CVE-2020-8555 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 is vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
network
high complexity
kubernetes fedoraproject CWE-918
6.3
2020-04-01 CVE-2019-11254 Resource Exhaustion vulnerability in Kubernetes
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
network
low complexity
kubernetes CWE-400
4.0
2020-03-27 CVE-2020-8552 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.
network
low complexity
kubernetes fedoraproject CWE-770
4.3
2019-08-29 CVE-2019-11250 Information Exposure Through Log Files vulnerability in multiple products
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher.
3.5
2019-08-29 CVE-2019-11249 Permissions, Privileges, and Access Controls vulnerability in Kubernetes
The kubectl cp command allows copying files between containers and the user machine.
5.8
2019-08-29 CVE-2019-11248 Information Exposure vulnerability in Kubernetes
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port.
network
low complexity
kubernetes CWE-200
6.4