Kube-apiserver
Vulnerabilities: 3
Known exploited: 0
Max CVSS: 8
Top EPSS: 0.01556
Severity breakdown
Critical: 0
High: 2
Medium: 1
Low: 0
Affected version ranges
4.14–4.15.10
< 1.31.12
Also matched as (raw): kube-apiserver
Top vulnerabilities
CVE-2023-1260: An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given "update, patch" permissions on the "pods/ephemeralcontainers" subresource, beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.
CVE-2024-1139: A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
CVE-2025-5187: A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.