Kubernetes - v1.25.16

Security

Changelog since v1.25.15

Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2023-5528: Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

Affected Versions:
- kubelet >= v1.8.0

Fixed Versions:
- kubelet v1.28.4
- kubelet v1.27.8
- kubelet v1.26.11
- kubelet v1.25.16

This vulnerability was reported by Tomer Peled @tomerpeled92"

CVSS Rating: High (7.2) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

Details

date
Nov. 16, 2023, 11:30 a.m.
name
Kubernetes v1.25.16
type
Patch
official page
https://github.com/kubernetes/kubernetes/releases/tag/v1.25.16
👇
Register or login to:
  • 🔍View and search all Kubernetes releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or