CVE-2025-13281

MEDIUM5.8EPSS 0.01%

Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes

發布日:2025/12/15修改日:2026/2/4

也稱為:GHSA-r6j8-c6r2-37rrCGA-qpfv-qmrf-52w5GO-2025-4240

描述

Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes

Debian/kubernetesfrom 0, < 1.20.5+really1.20.2-1
Go/k8s.io/kubernetesfrom 0, < 1.32.10
Go/k8s.io/kubernetesfrom 0, < 1.32.10, >= 1.33.0-alpha.0, < 1.33.6, >= 1.34.0-alpha.0, < 1.34.2

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.8	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N