VDB
GO-2024-2746
GO-2024-2746
PUBLISHED
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin in k8s.io/kubernetes
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| k8s.io | kubernetes | 0, 1.28.0, 1.29.0 |
Timeline
- Jun 4, 2024 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://github.com/advisories/GHSA-pxhw-596r-rwq5 advisory
- https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ url
- https://github.com/kubernetes/kubernetes/commit/7c861b1ecad97e1ab9332c970c9294a72065111a fix
- https://github.com/kubernetes/kubernetes/issues/124336 discussion