ALT-PU-2025-11108-3

Package update kubernetes1.33 in branch sisyphus

Version1.33.4-alt1

Published2026-02-04

Max severityMEDIUM

Severity:

Closed issues (3)

MEDIUM6.7

Уязвимость плагина NodeRestriction сервера kube-apiserver программного средства управления кластерами виртуальных машин Kubernetes, позволяющая нарушителю повысить свои привилегии

Published: 2025-09-08Modified: 2025-09-24

CVSS 3.xMEDIUM 6.7

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CVSS 2.0HIGH 8.7

CVSS:2.0/AV:N/AC:L/Au:S/C:C/I:C/A:P

References

CVE-2025-5187

MEDIUM6.7

A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.

Published: 2025-08-27Modified: 2026-04-15

CVSS 3.xMEDIUM 6.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

References

GHSA-4x4m-3c2p-qppc

MEDIUM6.7

Kubernetes Nodes can delete themselves by adding an OwnerReference

Published: 2025-08-27Modified: 2025-08-27

CVSS 3.xMEDIUM 6.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

References