VDB
GO-2024-2748
GO-2024-2748
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Privilege Escalation in Kubernetes in k8s.io/apimachinery
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| k8s.io | kubernetes | 0, 1.17.0, 1.18.0 |
| k8s.io | apimachinery | 0, 0.17.0, 0.18.0 |
Timeline
- May 20, 2024 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://github.com/advisories/GHSA-33c5-9fx5-fvjm advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1851422 url
- https://github.com/tdwyer/CVE-2020-8559 url
- https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ url
- https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs url
- https://security.netapp.com/advisory/ntap-20200810-0004 url
- https://github.com/kubernetes/kubernetes/issues/92914 discussion
- https://github.com/kubernetes/kubernetes/pull/92941 fix