Kubernetes - v1.22.16

Security

Changelog since v1.22.15

Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2022-3162: Unauthorized read of Custom Resources

A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.

Affected Versions:
- kube-apiserver v1.25.0 - v1.25.3
- kube-apiserver v1.24.0 - v1.24.7
- kube-apiserver v1.23.0 - v1.23.13
- kube-apiserver v1.22.0 - v1.22.15
- kube-apiserver <= v1.21.?

Fixed Versions:
- kube-apiserver v1.25.4
- kube-apiserver v1.24.8
- kube-apiserver v1.23.13
- kube-apiserver v1.22.16

This vulnerability was reported by Richard Turnbull of NCC Group as part of the Kubernetes Audit.

CVSS Rating: Medium (6.5) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
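
An added example (not part of these release notes and not Kubernetes project code): a Python audit that flags subjects whose cluster-wide RBAC grants match the precondition described above, namely list or watch on some, but not all, namespaced custom resource types in one API group, so those grants can be reviewed on unpatched API servers. The input shapes follow CustomResourceDefinition, ClusterRole and ClusterRoleBinding manifests; the function names and the sample objects are constructed for illustration.

```python
from collections import defaultdict

READ_VERBS = {"list", "watch", "*"}

def namespaced_crd_types(crds):
    """Map API group -> plural names of its namespaced custom resources."""
    types = defaultdict(set)
    for crd in crds:
        spec = crd["spec"]
        if spec["scope"] == "Namespaced":
            types[spec["group"]].add(spec["names"]["plural"])
    return types

def readable(rules, group, plurals):
    """Types in `group` that `rules` allow to be listed or watched."""
    out = set()
    for rule in rules:
        verbs, groups = set(rule.get("verbs", [])), set(rule.get("apiGroups", []))
        # Simplification: rules restricted by resourceNames are not counted.
        if rule.get("resourceNames") or not (READ_VERBS & verbs and {group, "*"} & groups):
            continue
        res = set(rule.get("resources", []))
        out |= plurals if "*" in res else plurals & res
    return out

def find_exposure(crds, cluster_roles, bindings):
    """Return sorted (subject, group, granted, not_granted) tuples."""
    types = namespaced_crd_types(crds)
    rules_by_subject = defaultdict(list)
    for crb in bindings:  # a ClusterRoleBinding grants its role cluster-wide
        rules = cluster_roles.get(crb["roleRef"]["name"], [])
        for s in crb.get("subjects", []):
            rules_by_subject[f'{s["kind"]}:{s["name"]}'].extend(rules)
    findings = []
    for subject, rules in rules_by_subject.items():
        for group, plurals in types.items():
            granted = readable(rules, group, plurals)
            if granted and plurals - granted:
                findings.append((subject, group, sorted(granted), sorted(plurals - granted)))
    return sorted(findings)

# Constructed sample objects (only the fields used), not from a real cluster.
CRDS = [{"spec": {"group": "example.test", "scope": "Namespaced", "names": {"plural": p}}}
        for p in ("widgets", "vaultkeys")]
ROLES = {"widget-viewer": [{"apiGroups": ["example.test"], "resources": ["widgets"],
                            "verbs": ["get", "list", "watch"]}]}
BINDINGS = [{"roleRef": {"kind": "ClusterRole", "name": "widget-viewer"},
             "subjects": [{"kind": "ServiceAccount", "name": "dashboard"}]}]

print(find_exposure(CRDS, ROLES, BINDINGS))
```

Each finding names a subject, the API group, the types it is granted, and the sibling types it is not granted; on an affected kube-apiserver those sibling types are the ones to treat as potentially readable until the upgrade is done.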

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.


Details

date: Nov. 10, 2022, 5:42 p.m.
name: Kubernetes v1.22.16
type: Patch