x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-jgfp-53c3-624w #3465

GoVulnBot · 2025-02-13T21:01:22Z

Advisory GHSA-jgfp-53c3-624w references a vulnerability in the following Go modules:

Module
k8s.io/kubernetes

Description:
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.

References:

Cross references:

k8s.io/kubernetes appears in 41 other report(s):
- data/excluded/GO-2022-0904.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2020-8561, GHSA-74j8-88mm-7496 #904) NOT_IMPORTABLE
- data/excluded/GO-2022-0909.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25740, GHSA-vw47-mr44-3jf9 #909) NOT_IMPORTABLE
- data/excluded/GO-2022-0940.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2020-8554, GHSA-j9wf-vvm6-4r9w #940) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1943.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-f4w6-3rh6-6q4q #1943) EFFECTIVELY_PRIVATE
- data/reports/GO-2021-0066.yaml (dummy issue #66)
- data/reports/GO-2022-0617.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-qh36-44jv-c8xj #617)
- data/reports/GO-2022-0701.yaml (x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-jp32-vmm6-3vf5 #701)
- data/reports/GO-2022-0703.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes/pkg/apiserver: GHSA-pmqp-h87c-mr78 #703)
- data/reports/GO-2022-0782.yaml (x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/kubectl/cmd/cp: GHSA-34jx-wx69-9x8v #782)
- data/reports/GO-2022-0802.yaml (x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/kubectl/cmd/cp: GHSA-6qfg-8799-r575 #802)
- data/reports/GO-2022-0867.yaml (x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/kubelet/server: GHSA-qhm4-jxv7-j9pq #867)
- data/reports/GO-2022-0885.yaml (x/vulndb: potential Go vuln in k8s.io/kube-proxy: GHSA-wqv3-8cm6-h6wg #885)
- data/reports/GO-2022-0886.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes/pkg/util/mount: GHSA-wqwf-x5cj-rg56 #886)
- data/reports/GO-2022-0890.yaml (x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/volume/storageos: GHSA-x6mj-w4jf-jmgw #890)
- data/reports/GO-2022-0907.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25735, GHSA-g42g-737j-qx6j #907)
- data/reports/GO-2022-0908.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25737, GHSA-mfv7-gq43-w965 #908)
- data/reports/GO-2022-0910.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25741, GHSA-f5f7-6478-qm6p #910)
- data/reports/GO-2022-0983.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes/pkg/kubectl: CVE-2021-25743, GHSA-f9jg-8p32-2f55 #983)
- data/reports/GO-2023-1492.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2jx2-76rc-2v7v #1492)
- data/reports/GO-2023-1628.yaml (x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-2394-5535-8j88 #1628)
- data/reports/GO-2023-1629.yaml (x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-jh36-q97c-9928 #1629)
- data/reports/GO-2023-1864.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-xc8m-28vv-4pjc #1864)
- data/reports/GO-2023-1891.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-qc2g-gmh6-95p4 #1891)
- data/reports/GO-2023-1892.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-cgcv-5272-97pr #1892)
- data/reports/GO-2023-1946.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-q4rr-64r9-fwgf #1946)
- data/reports/GO-2023-1959.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2jq6-ffph-p4h8 #1959)
- data/reports/GO-2023-1977.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-mm7g-f2gg-cw8g #1977)
- data/reports/GO-2023-1985.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2h9c-34v6-3qmr #1985)
- data/reports/GO-2023-2159.yaml (x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: CVE-2021-25736 #2159)
- data/reports/GO-2023-2170.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-q78c-gwqw-jcmc #2170)
- data/reports/GO-2023-2330.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-7fxm-f474-hf8w #2330)
- data/reports/GO-2023-2341.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-hq6q-c2x6-hmch #2341)
- data/reports/GO-2024-2746.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-pxhw-596r-rwq5 #2746)
- data/reports/GO-2024-2748.yaml (x/vulndb: potential Go vuln in k8s.io/apimachinery: GHSA-33c5-9fx5-fvjm #2748)
- data/reports/GO-2024-2753.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes/pkg/kubelet: GHSA-55qj-gj3x-jq9r #2753)
- data/reports/GO-2024-2754.yaml (x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-5x96-j797-5qqw #2754)
- data/reports/GO-2024-2755.yaml (x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-5xfg-wv98-264m #2755)
- data/reports/GO-2024-2780.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes/cmd/kubelet: GHSA-r76g-g87f-vw8f #2780)
- data/reports/GO-2024-2994.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-82m2-cv7p-4m75 #2994)
- data/reports/GO-2024-3277.yaml (x/vulndb: potential Go vuln in github.com/openshift/kubernetes: CVE-2024-0793 #3277)
- data/reports/GO-2024-3286.yaml (x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-27wf-5967-98gx #3286)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: k8s.io/kubernetes
      versions:
        - fixed: 1.29.14
        - introduced: 1.30.0
        - fixed: 1.30.10
        - introduced: 1.31.0
        - fixed: 1.31.6
        - introduced: 1.32.0
        - fixed: 1.32.2
      vulnerable_at: 1.32.1
summary: Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes
cves:
    - CVE-2025-0426
ghsas:
    - GHSA-jgfp-53c3-624w
references:
    - advisory: https://github.com/advisories/GHSA-jgfp-53c3-624w
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-0426
    - report: https://github.com/kubernetes/kubernetes/issues/130016
    - web: http://www.openwall.com/lists/oss-security/2025/02/13/1
    - web: https://groups.google.com/g/kubernetes-security-announce/c/KiODfu8i6w8
source:
    id: GHSA-jgfp-53c3-624w
    created: 2025-02-13T21:01:22.422193757Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2025-03-03T16:32:24Z

Change https://go.dev/cl/654257 mentions this issue: data/reports: add 23 reports

GoVulnBot added the NeedsTriage label Feb 13, 2025

thatnealpatel added triaged and removed NeedsTriage labels Feb 21, 2025

thatnealpatel self-assigned this Feb 21, 2025

gopherbot closed this as completed in a5c443c Mar 3, 2025

GoVulnBot mentioned this issue Mar 13, 2025

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-vv39-3w5q-974q #3522

Open

GoVulnBot mentioned this issue Mar 21, 2025

x/vulndb: potential Go vuln in k8s.io/kubernetes/cmd/kube-apiserver: GHSA-r56h-j38w-hrqq #3547

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-jgfp-53c3-624w #3465

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-jgfp-53c3-624w #3465

GoVulnBot commented Feb 13, 2025

gopherbot commented Mar 3, 2025

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-jgfp-53c3-624w #3465

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-jgfp-53c3-624w #3465

Comments

GoVulnBot commented Feb 13, 2025

gopherbot commented Mar 3, 2025