CNNVD-202512-2579 Information
CNNVD ID
CNNVD-202512-2579
Related CVE
- CNNVD Published: 2025-12-14
Description (Chinese)
Kubernetes(K8s)是Kubernetes开源的一个开源系统,用于自动部署、扩展和管理容器化应用程序。 Kubernetes存在安全漏洞,该漏洞源于Portworx StorageClass存在服务器端请求伪造,可能导致信息泄露。
Description (English)
Kubernetes (K8s) is an open-source system for the automatic deployment, extension and management of containerization applications in Kubernetes. There is a security loophole in Kubernetes, which stems from the existence of a server at Portworkx StorageClass, which may lead to the disclosure of information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Kubernetes
Published
2025-12-14
Last Modified
2026-02-24
References
https://github.com/kubernetes/kubernetes/issues/135525 https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ http://www.openwall.com/lists/oss-security/2025/12/01/4 https://vigilance.fr/vulnerability/Kubernetes-Server-Side-Request-Forgery-via-kube-controller-manager-48922
Patch
https://github.com/kubernetes/kubernetes/releases
Share on: