GCVE - cpe:2.3:a:kubernetes:kubelet:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:kubernetes:kubelet:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Kubernetes (`3ee05930-9e42-51b2-ad52-30832f573b15`)
Product	Kubelet (`fedfc6ce-fa74-560e-889d-e80e91853b7a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-1767`	vulnerable	2026-06-03 14:59:06.461478	Details available MEDIUM (6.5) This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable. Published: 2025-03-13T16:40:42.663Z Updated: 2025-03-17T16:59:37.276Z Open on db.gcve.eu Reference links https://github.com/kubernetes/kubernetes/pull/130786 https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0426`	vulnerable	2026-06-03 14:58:32.223423	Details available MEDIUM (6.2) A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk. Published: 2025-02-13T15:16:13.703Z Updated: 2025-02-13T17:02:37.167Z Open on db.gcve.eu Reference links https://github.com/kubernetes/kubernetes/issues/130016 https://groups.google.com/g/kubernetes-security-announce/c/KiODfu8i6w8	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9042`	vulnerable	2026-06-03 14:58:20.364728	Details available MEDIUM (5.9) This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. Published: 2025-03-13T16:40:13.895Z Updated: 2025-03-13T19:24:39.825Z Open on db.gcve.eu Reference links https://github.com/kubernetes/kubernetes/issues/129654 https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10220`	vulnerable	2026-06-03 14:54:05.137136	Arbitrary command execution through gitRepo volume HIGH (8.1) The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. Published: 2024-11-22T16:23:00.535Z Updated: 2024-11-25T18:22:59.457Z Open on db.gcve.eu Reference links https://github.com/kubernetes/kubernetes/issues/128885 https://groups.google.com/g/kubernetes-security-announce/c/ptNgV5Necko	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5528`	vulnerable	2026-06-03 14:53:48.914656	Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation HIGH (7.2) A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. Published: 2023-11-14T20:32:08.411Z Updated: 2026-02-25T17:20:08.702Z Open on db.gcve.eu Reference links https://github.com/kubernetes/kubernetes/issues/121879 https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3955`	vulnerable	2026-06-03 14:52:42.209554	Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation HIGH (8.8) A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. Published: 2023-10-31T20:36:54.352Z Updated: 2025-02-13T17:03:13.470Z Open on db.gcve.eu Reference links https://github.com/kubernetes/kubernetes/issues/119595 https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E https://security.netapp.com/advisory/ntap-20231221-0002/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3676`	vulnerable	2026-06-03 14:52:41.476108	Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation HIGH (8.8) A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. Published: 2023-10-31T20:22:53.620Z Updated: 2025-02-27T20:38:37.768Z Open on db.gcve.eu Reference links https://github.com/kubernetes/kubernetes/issues/119339 https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc https://security.netapp.com/advisory/ntap-20231130-0007/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.