AZL-72386

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72386.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-72386

Upstream

CVE-2025-13281

Published

2025-12-14T22:15:36Z

Modified

2026-04-21T04:36:44.116444Z

Summary

CVE-2025-13281 affecting package kubernetes for versions less than 1.28.4-21

Details

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

References

https://nvd.nist.gov/vuln/detail/CVE-2025-13281

Affected packages

Azure Linux:2 / kubernetes

Package

Name: kubernetes
Purl: pkg:rpm/azure-linux/kubernetes

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.28.4-21

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72386.json"