Kubernetes kubelet
kubelet runs on each node and starts pods. Attestd uses the keyword kubelet with NVD keywordExactMatch to scope CVEs that mention the node agent.
api usage
Querying kubelet
product slug: kubelet
version format: 1.27.0, 1.30.0
```bash
curl "https://api.attestd.io/v1/check?product=kubelet&version=1.24.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```
1.27.0 overlaps CVE ranges including CVE-2023-5528 where kubelet is in the affected configuration.
```json
{
  "product": "kubelet",
  "version": "1.24.0",
  "supported": true,
  "risk_state": "elevated",
  "risk_factors": ["internet_exposed_service", "patch_available"],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": true,
  "patch_available": true,
  "fixed_version": "1.24.8",
  "confidence": 0.85,
  "cve_ids": ["CVE-2022-3294", "CVE-2023-2431"],
  "last_updated": "2026-04-25T00:00:00Z"
}
```
safe version
1.30.0 is used as a patched-line example; re-verify after NVD updates.
```bash
curl "https://api.attestd.io/v1/check?product=kubelet&version=1.28.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```
notable cves
CVE history
| CVE | Description | Affects | CVSS |
|---|---|---|---|
| CVE-2023-5528 | Windows node privilege escalation (shared Kubernetes CPE). | 1.27.x | 8.8 |
| CVE-2021-25737 | EndpointSlice mirroring bypass under RBAC edge cases. | 1.21.x | 4.8 |
| CVE-2020-8557 | Disk exhaustion via container log symlink handling. | 1.18 and prior | 5.5 |
| CVE-2019-11245 | Container runAsUser override when image specifies user. | 1.13.x | 7.8 |
| CVE-2018-1002105 | API server proxy websocket escalation (also apiserver). | 1.10 and prior | 9.8 |
data sources
Shared CPE namespace
Same as kube-apiserver: kubernetes:kubernetes with keyword kubelet for scoping.
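As an added example (not Attestd's own code), here is a fail-closed deployment gate over the /v1/check response fields shown under API usage. How each field is interpreted and the blocking policy are assumptions inferred from the field names; the sample is the page's response for 1.24.0, embedded so the check runs offline.

```python
import json

# Constructed sample: the response body this page shows for version=1.24.0.
SAMPLE = json.loads("""
{"product": "kubelet", "version": "1.24.0", "supported": true,
 "risk_state": "elevated",
 "risk_factors": ["internet_exposed_service", "patch_available"],
 "actively_exploited": false, "remote_exploitable": true,
 "authentication_required": true, "patch_available": true,
 "fixed_version": "1.24.8", "confidence": 0.85,
 "cve_ids": ["CVE-2022-3294", "CVE-2023-2431"],
 "last_updated": "2026-04-25T00:00:00Z"}
""")


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' (the page's version format) into an int tuple."""
    parts = str(text).split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)


def gate(resp, product, version):
    """Return (allow, reasons) for a node build; any missing field fails closed."""
    # A response for a different product/version must never approve this one.
    if resp.get("product") != product or resp.get("version") != version:
        return False, ["response does not match the queried product/version"]
    reasons = []
    if resp.get("supported") is not True:
        reasons.append("version is unsupported or support status is missing")
    if resp.get("actively_exploited") is not False:
        reasons.append("actively exploited, or exploitation status is missing")
    if (resp.get("remote_exploitable") is not False
            and resp.get("authentication_required") is not True):
        reasons.append("remotely exploitable without authentication")
    fixed = resp.get("fixed_version")
    if resp.get("patch_available") is True and fixed:
        # Numeric tuple comparison, so 1.24.10 sorts above 1.24.8.
        if parse_version(version) < parse_version(fixed):
            cves = ", ".join(resp.get("cve_ids") or []) or "no CVE ids listed"
            reasons.append(f"below fixed_version {fixed} ({cves})")
    # risk_state is not used: the page shows only the value "elevated".
    return not reasons, reasons


if __name__ == "__main__":
    allow, reasons = gate(SAMPLE, "kubelet", "1.24.0")
    print("ALLOW" if allow else "BLOCK", reasons)
```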