VDB

RHSA-2025%3A8704

RHSA-2025%3A8704 PUBLISHED CVSS 5.900000095367432 MEDIUM

A flaw was found in Kubernetes Windows nodes. This vulnerability allows a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host.

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift4-wincw/windows-machine-config-rhel9-operator@sha256:ba892f84e923e83a32d5f66dd6f61ff5a6b51cdeba1ef3ae2b250d822b1b0482_amd64 as a component of Red Hat OpenShift for Windows Containers 10.17*, registry.redhat.io/openshift4-wincw/windows-machine-config-rhel9-operator@sha256:ba892f84e923e83a32d5f66dd6f61ff5a6b51cdeba1ef3ae2b250d822b1b0482_amd64, registry.redhat.io/openshift4-wincw/windows-machine-config-rhel9-operator@sha256:ba892f84e923e83a32d5f66dd6f61ff5a6b51cdeba1ef3ae2b250d822b1b0482_amd64
Red Hatregistry.redhat.io/openshift4-wincw/windows-machine-config-rhel9-operator@sha256:ba892f84e923e83a32d5f66dd6f61ff5a6b51cdeba1ef3ae2b250d822b1b0482_amd64 as a component of Red Hat OpenShift for Windows Containers 10.17
Red Hatregistry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:17e4816ce48fe9e387503f3fece60dce901070c7923ed5e956dbb0080360b4a5_amd64 as a component of Red Hat OpenShift for Windows Containers 10.17registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:17e4816ce48fe9e387503f3fece60dce901070c7923ed5e956dbb0080360b4a5_amd64, registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:17e4816ce48fe9e387503f3fece60dce901070c7923ed5e956dbb0080360b4a5_amd64, registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:17e4816ce48fe9e387503f3fece60dce901070c7923ed5e956dbb0080360b4a5_amd64
Red Hatregistry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:17e4816ce48fe9e387503f3fece60dce901070c7923ed5e956dbb0080360b4a5_amd64 as a component of Red Hat OpenShift for Windows Containers 10.17*, registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:17e4816ce48fe9e387503f3fece60dce901070c7923ed5e956dbb0080360b4a5_amd64, registry.redhat.io/openshift4-wincw/windows-machine-config-operator-bundle@sha256:17e4816ce48fe9e387503f3fece60dce901070c7923ed5e956dbb0080360b4a5_amd64
Red Hatregistry.redhat.io/openshift4-wincw/windows-machine-config-rhel9-operator@sha256:ba892f84e923e83a32d5f66dd6f61ff5a6b51cdeba1ef3ae2b250d822b1b0482_amd64 as a component of Red Hat OpenShift for Windows Containers 10.17registry.redhat.io/openshift4-wincw/windows-machine-config-rhel9-operator@sha256:ba892f84e923e83a32d5f66dd6f61ff5a6b51cdeba1ef3ae2b250d822b1b0482_amd64, registry.redhat.io/openshift4-wincw/windows-machine-config-rhel9-operator@sha256:ba892f84e923e83a32d5f66dd6f61ff5a6b51cdeba1ef3ae2b250d822b1b0482_amd64, *

Timeline

  • Jun 9, 2025 CVE Published
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Jun 18, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›