Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: CVE-2025-1767 #3521

Closed
GoVulnBot opened this issue Mar 13, 2025 · 1 comment
Closed

x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: CVE-2025-1767 #3521

GoVulnBot opened this issue Mar 13, 2025 · 1 comment
Labels
cve-year-2025 triaged

Comments

@GoVulnBot
Copy link

Advisory CVE-2025-1767 references a vulnerability in the following Go modules:

Module
github.com/kubernetes/kubernetes

Description:
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.

References:

Cross references:

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/kubernetes/kubernetes
      vulnerable_at: 1.32.3
summary: CVE-2025-1767 in github.com/kubernetes/kubernetes
cves:
    - CVE-2025-1767
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-1767
    - fix: https://github.com/kubernetes/kubernetes/pull/130786
    - web: https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s
source:
    id: CVE-2025-1767
    created: 2025-03-13T18:01:28.842070092Z
review_status: UNREVIEWED
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/660559 mentions this issue: data/reports: add 28 reports

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
cve-year-2025 triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gopherbot @thatnealpatel @GoVulnBot