ALT-PU-2025-2011-3
Package kubernetes1.31 updated to version 1.31.5-alt1 for branch sisyphus in task 371804.
Closed vulnerabilities
Published: 2025-01-24
Modified: 2025-06-09
Modified: 2025-06-09
BDU:2025-00672
Уязвимость утилиты kubelet программного средства управления кластерами виртуальных машин Kubernetes для операционных систем Windows, позволяющая нарушителю выполнить произвольные команды
Severity: MEDIUM (5.9)Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Severity: MEDIUM (6.6)Vector: AV:N/AC:H/Au:S/C:C/I:C/A:N
References:
Published: 2025-03-13
Modified: 2026-04-15
Modified: 2026-04-15
CVE-2024-9042
This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.
Severity: MEDIUM (5.9)Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
References:
Published: 2025-03-13
Modified: 2025-03-14
Modified: 2025-03-14
GHSA-vv39-3w5q-974q
Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API
Severity: MEDIUM (5.9)Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-9042
- https://github.com/kubernetes/kubernetes/issues/129654
- https://github.com/kubernetes/kubernetes/commit/45f4ccc2153bbb782253704cbe24c05e22b5d60c
- https://github.com/kubernetes/kubernetes/commit/5fe148234f8ab1184f26069c4f7bef6c37efe347
- https://github.com/kubernetes/kubernetes/commit/75c83a6871dc030675288c6d63c275a43c2f0d55
- https://github.com/kubernetes/kubernetes/commit/fb0187c2bf7061258bb89891edb1237261eb7abc
- https://github.com/kubernetes/kubernetes
- https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg
- http://www.openwall.com/lists/oss-security/2025/01/16/1