Skip to content

[release-1.32] fix: CVE-2025-13281#2901

Merged
andyzhangx merged 1 commit intorelease-1.32from
CVE-2025-13281-1.32
Dec 17, 2025
Merged

[release-1.32] fix: CVE-2025-13281#2901
andyzhangx merged 1 commit intorelease-1.32from
CVE-2025-13281-1.32

Conversation

@andyzhangx
Copy link
Copy Markdown
Member

@andyzhangx andyzhangx commented Dec 17, 2025

What type of PR is this?
/kind bug

What this PR does / why we need it:
fix: CVE-2025-13281

cherrypick of #2898

┌───────────────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────┬──────────────────────────────────────────────────────┐
│      Library      │ Vulnerability  │ Severity │ Status │ Installed Version │      Fixed Version      │                        Title                         │
├───────────────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────┼──────────────────────────────────────────────────────┤
│ k8s.io/kubernetes │ CVE-2025-13281 │ MEDIUM   │ fixed  │ v1.33.4           │ 1.32.10, 1.33.6, 1.34.2 │ kube-controller-manager: Portworx Half-Blind SSRF in │
│                   │                │          │        │                   │                         │ kube-controller-manager                              │
│                   │                │          │        │                   │                         │ https://avd.aquasec.com/nvd/cve-2025-13281           │
└───────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────┴──────────────────────────────────────────────────────┘

Which issue(s) this PR fixes:

Fixes #

Requirements:

Special notes for your reviewer:

Release note:

none

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Dec 17, 2025
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Dec 17, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot requested review from cvvz and gnufied December 17, 2025 01:53
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 17, 2025
@andyzhangx andyzhangx merged commit 3b64d02 into release-1.32 Dec 17, 2025
27 of 28 checks passed
@andyzhangx andyzhangx deleted the CVE-2025-13281-1.32 branch December 21, 2025 08:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cvvz cvvz Awaiting requested review from cvvz

@gnufied gnufied Awaiting requested review from gnufied

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@andyzhangx @k8s-ci-robot