Vulnerability Reportkubernetesui/dashboard:v2.7.0

kubernetesui/dashboard:latestkubernetesui/dashboard:v2.7.0
DIGESTsha256:2e500d29e9d5f4a086b908eb8dfe7ecac57d2ab09d65b24f588b1d449841ef93

Executive Summary

Threat Score
100/100DANGEROUS
Reputation
RELIABLE

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve arbitrary JavaScript execution via template injection (CVE-2023-24538) leading to session hijacking or data theft, or launch a denial-of-service attack (CVE-2023-44487) causing resource exhaustion. All vulnerabilities are remotely exploitable with no special configuration required, and no partial mitigations can fully eliminate the risk. The only effective remediation is to upgrade to a patched version of the Go toolchain and dependencies.

Vulnerabilities

Vulnerability Log

110 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2023-24538CRITICAL9.8
stdlib
v1.19
fixed in 1.19.8, 1.20.3
2.3%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2023-24540CRITICAL9.8
stdlib
v1.19
fixed in 1.19.9, 1.20.4
1.6%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2023-44487CRITICAL9.75
golang.org/x/net
v0.0.0-20220722155237-a158d28d115b
fixed in 0.17.0
100.0%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2023-45288CRITICAL9.75
golang.org/x/net
v0.0.0-20220722155237-a158d28d115b
fixed in 0.23.0
92.0%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2023-45288CRITICAL9.75
stdlib
v1.19
fixed in 1.21.9, 1.22.2
92.0%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2024-24790HIGH7.84
stdlib
v1.19
fixed in 1.21.11, 1.22.4
2.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-27664HIGH7.5
golang.org/x/net
v0.0.0-20220722155237-a158d28d115b
fixed in 0.0.0-20220906165146-f3363e06e74c
2.4%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-41721HIGH7.5
golang.org/x/net
v0.0.0-20220722155237-a158d28d115b
fixed in 0.1.1-0.20221104162952-702349b0e862
1.8%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-41723HIGH7.5
golang.org/x/net
v0.0.0-20220722155237-a158d28d115b
fixed in 0.7.0
4.6%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2023-39325HIGH7.5
golang.org/x/net
v0.0.0-20220722155237-a158d28d115b
fixed in 0.17.0
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-27664HIGH7.5
stdlib
v1.19
fixed in 1.18.6, 1.19.1
2.4%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-2880HIGH7.5
stdlib
v1.19
fixed in 1.18.7, 1.19.2
1.1%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-41723HIGH7.5
stdlib
v1.19
fixed in 1.19.6, 1.20.1
4.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-41724HIGH7.5
stdlib
v1.19
fixed in 1.19.6, 1.20.1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-41725HIGH7.5
stdlib
v1.19
fixed in 1.19.6, 1.20.1
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-24534HIGH7.5
stdlib
v1.19
fixed in 1.19.8, 1.20.3
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2023-24536HIGH7.5
stdlib
v1.19
fixed in 1.19.8, 1.20.3
1.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-24537HIGH7.5
stdlib
v1.19
fixed in 1.19.8, 1.20.3
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-39325HIGH7.5
stdlib
v1.19
fixed in 1.20.10, 1.21.3
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2023-45283HIGH7.5
stdlib
v1.19
fixed in 1.20.11, 1.21.4, 1.20.12, 1.21.5
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2023-45287HIGH7.5
stdlib
v1.19
fixed in 1.20.0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-34156HIGH7.5
stdlib
v1.19
fixed in 1.22.7, 1.23.1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-24539HIGH7.3
stdlib
v1.19
fixed in 1.19.9, 1.20.4
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-29400HIGH7.3
stdlib
v1.19
fixed in 1.19.9, 1.20.4
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-68121MEDIUM6.8
stdlib
v1.19
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2023-29403MEDIUM6.63
stdlib
v1.19
fixed in 1.19.10, 1.20.5
0.4%
Theoretical Threat
Directly Exposed
CVE-2023-29406MEDIUM6.5
stdlib
v1.19
fixed in 1.19.11, 1.20.6
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2025-22869MEDIUM6.38
golang.org/x/crypto
v0.0.0-20220525230936-793ad666bf5e
fixed in 0.35.0
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-22868MEDIUM6.38
golang.org/x/oauth2
v0.0.0-20220524215830-622c5d57e401
fixed in 0.27.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2022-41716MEDIUM6.38
stdlib
v1.19
fixed in 1.18.8, 1.19.3
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-61726MEDIUM6.38
stdlib
v1.19
fixed in 1.24.12, 1.25.6
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-61729MEDIUM6.38
stdlib
v1.19
fixed in 1.24.11, 1.25.5
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-25679MEDIUM6.38
stdlib
v1.19
fixed in 1.25.8, 1.26.1
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-32280MEDIUM6.38
stdlib
v1.19
fixed in 1.25.9, 1.26.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32281MEDIUM6.38
stdlib
v1.19
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-32283MEDIUM6.38
stdlib
v1.19
fixed in 1.25.9, 1.26.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33811MEDIUM6.38
stdlib
v1.19
fixed in 1.25.10, 1.26.3
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-33814MEDIUM6.38
stdlib
v1.19
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-39820MEDIUM6.38
stdlib
v1.19
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-39836MEDIUM6.38
stdlib
v1.19
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-58183MEDIUM6.38
stdlib
v1.19
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61728MEDIUM6.38
stdlib
v1.19
fixed in 1.24.12, 1.25.6
0.6%
Theoretical Threat
Directly Exposed
CVE-2024-45339MEDIUM6.03
github.com/golang/glog
v1.0.0
fixed in 1.2.4
0.3%
Theoretical Threat
Directly Exposed
CVE-2022-32149MEDIUM6
golang.org/x/text
v0.3.7
fixed in 0.3.8
1.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-2879MEDIUM6
stdlib
v1.19
fixed in 1.18.7, 1.19.2
1.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-32190MEDIUM6
stdlib
v1.19
fixed in 1.19.1
1.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-41715MEDIUM6
stdlib
v1.19
fixed in 1.18.7, 1.19.2
1.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-47907MEDIUM5.95
stdlib
v1.19
fixed in 1.23.12, 1.24.6
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-24786MEDIUM5.9
google.golang.org/protobuf
v1.28.0
fixed in 1.33.0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-24791MEDIUM5.9
stdlib
v1.19
fixed in 1.21.12, 1.22.5
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-34158MEDIUM5.9
stdlib
v1.19
fixed in 1.22.7, 1.23.1
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-4673MEDIUM5.78
stdlib
v1.19
fixed in 1.23.10, 1.24.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2023-2253MEDIUM5.52
github.com/docker/distribution
v2.8.1+incompatible
fixed in 2.8.2-beta.1
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-35469MEDIUM5.52
github.com/moby/spdystream
v0.2.0
fixed in 0.5.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-22872MEDIUM5.52
golang.org/x/net
v0.0.0-20220722155237-a158d28d115b
fixed in 0.38.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-24785MEDIUM5.52
stdlib
v1.19
fixed in 1.21.8, 1.22.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-47906MEDIUM5.52
stdlib
v1.19
fixed in 1.23.12, 1.24.6
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61727MEDIUM5.52
stdlib
v1.19
fixed in 1.24.11, 1.25.5
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-32282MEDIUM5.44
stdlib
v1.19
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-24784MEDIUM5.4
stdlib
v1.19
fixed in 1.21.8, 1.22.1
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-41717MEDIUM5.3
golang.org/x/net
v0.0.0-20220722155237-a158d28d115b
fixed in 0.4.0
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-41717MEDIUM5.3
stdlib
v1.19
fixed in 1.18.9, 1.19.4
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-29409MEDIUM5.3
stdlib
v1.19
fixed in 1.19.12, 1.20.7, 1.21.0-rc.4
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2023-39326MEDIUM5.3
stdlib
v1.19
fixed in 1.20.12, 1.21.5
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-45289MEDIUM5.3
stdlib
v1.19
fixed in 1.21.8, 1.22.1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-45290MEDIUM5.3
stdlib
v1.19
fixed in 1.21.8, 1.22.1
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-3978MEDIUM5.18
golang.org/x/net
v0.0.0-20220722155237-a158d28d115b
fixed in 0.13.0
0.8%
Theoretical Threat
Directly Exposed
CVE-2023-39318MEDIUM5.18
stdlib
v1.19
fixed in 1.20.8, 1.21.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2023-39319MEDIUM5.18
stdlib
v1.19
fixed in 1.20.8, 1.21.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-32289MEDIUM5.18
stdlib
v1.19
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-24783MEDIUM5.02
stdlib
v1.19
fixed in 1.21.8, 1.22.1
0.7%
Theoretical Threat
Directly Exposed
CVE-2024-34155MEDIUM5.02
stdlib
v1.19
fixed in 1.22.7, 1.23.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2024-45336MEDIUM5.02
stdlib
v1.19
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2024-24789MEDIUM4.67
stdlib
v1.19
fixed in 1.21.11, 1.22.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32288MEDIUM4.67
stdlib
v1.19
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22871MEDIUM4.59
stdlib
v1.19
fixed in 1.23.8, 1.24.2
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
stdlib
v1.19
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM4.59
stdlib
v1.19
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-47914MEDIUM4.5
golang.org/x/crypto
v0.0.0-20220525230936-793ad666bf5e
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58181MEDIUM4.5
golang.org/x/crypto
v0.0.0-20220525230936-793ad666bf5e
fixed in 0.45.0
0.5%
Theoretical Threat
Directly Exposed
CVE-2023-24532MEDIUM4.5
stdlib
v1.19
fixed in 1.19.7, 1.20.2
0.8%
Theoretical Threat
Directly Exposed
CVE-2023-45284MEDIUM4.5
stdlib
v1.19
fixed in 1.20.11, 1.21.4
0.9%
Theoretical Threat
Directly Exposed
CVE-2025-22866MEDIUM4.5
stdlib
v1.19
fixed in 1.22.12, 1.23.6, 1.24.0-rc.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22873MEDIUM4.5
stdlib
v1.19
fixed in 1.23.9, 1.24.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47912MEDIUM4.5
stdlib
v1.19
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58185MEDIUM4.5
stdlib
v1.19
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58187MEDIUM4.5
stdlib
v1.19
fixed in 1.24.9, 1.25.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58188MEDIUM4.5
stdlib
v1.19
fixed in 1.24.8, 1.25.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-58189MEDIUM4.5
stdlib
v1.19
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61723MEDIUM4.5
stdlib
v1.19
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61724MEDIUM4.5
stdlib
v1.19
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61725MEDIUM4.5
stdlib
v1.19
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61730MEDIUM4.5
stdlib
v1.19
fixed in 1.24.12, 1.25.6
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-58186MEDIUM4.5
stdlib
v1.19
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-28180MEDIUM4.3
gopkg.in/square/go-jose.v2
v2.6.0
No fix yet
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-22870LOW3.74
golang.org/x/net
v0.0.0-20220722155237-a158d28d115b
fixed in 0.36.0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-22870LOW3.74
stdlib
v1.19
fixed in 1.23.7, 1.24.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-45341LOW3.57
stdlib
v1.19
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-45337LOW2.95
golang.org/x/crypto
v0.0.0-20220525230936-793ad666bf5e
fixed in 0.31.0
3.1%
Low-Moderate Risk
Post-Exploit
CVE-2023-48795LOW2.76
golang.org/x/crypto
v0.0.0-20220525230936-793ad666bf5e
fixed in 0.17.0, 0.0.0-20231218163308-9d2ee975ef9f
93.3%
Actively Exploited
Post-Exploit
CVE-2022-41720LOW2.7
stdlib
v1.19
fixed in 1.18.9, 1.19.4
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-41722LOW2.7
stdlib
v1.19
fixed in 1.19.6, 1.20.1
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-27139LOW2.12
stdlib
v1.19
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-39823NONE0
stdlib
v1.19
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Not Applicable
CVE-2026-39825NONE0
stdlib
v1.19
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Not Applicable
CVE-2026-42499NONE0
stdlib
v1.19
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Not Applicable
CVE-2026-42504NONE0
stdlib
v1.19
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Not Applicable
CVE-2025-0913NONE0
stdlib
v1.19
fixed in 1.23.10, 1.24.4
0.2%
Theoretical Threat
Not Applicable
CVE-2026-27145NONE0
stdlib
v1.19
fixed in 1.25.11, 1.26.4
0.3%
Theoretical Threat
Not Applicable
CVE-2026-42507NONE0
stdlib
v1.19
fixed in 1.25.11, 1.26.4
0.3%
Theoretical Threat
Not Applicable