CNNVD-202507-1527 Information
CNNVD ID
CNNVD-202507-1527
Related CVE
- CNNVD Published: 2025-07-10
Description (Chinese)
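Headlamp is an open-source UI program from Kubernetes SIGs. Versions of Headlamp before 0.31.1 contain an argument injection vulnerability, which stems from command injection in the codeSign.js script and may lead to arbitrary command execution.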
Description (English)
Headlamp is an open-source UI program from Kubernetes SIGs. Headlamp versions before 0.31.1 have an argument injection vulnerability caused by command injection in the codeSign.js script, which could lead to arbitrary command execution.
Hazard Level
Medium
Vulnerability Type
Argument Injection
Affected Vendor
Kubernetes SIGs
Published
2025-07-10
Last Modified
2026-02-24
References
https://github.com/kubernetes-sigs/headlamp/commit/5bc0a9dd87acdf1e04be14619acde687eefa35fb
https://github.com/kubernetes-sigs/headlamp/security/advisories/GHSA-34rf-485x-g5h7
https://advisory.zerodaysec.org/advisory/kubernetes-headlamp-code-signing
https://github.com/kubernetes-sigs/headlamp/pull/3377
https://nvd.nist.gov/vuln/detail/CVE-2025-53542
Patch
https://github.com/kubernetes-sigs/headlamp/releases